Skip to main content

Bearer token

All custom routes — except the Composio OAuth callback (GET /composio/callback) — require a bearer token. Send it in the Authorization header:
curl https://sidenet-api.up.railway.app/api/v1/threads \
  -H "Authorization: Bearer YOUR_API_KEY"
In the API Reference “Try it” panel, paste your token into the Authorization field and it is sent automatically.

Organization context

Requests are scoped to an organization. The org is resolved in this order:
  1. The organization bound to your API key (preferred — nothing extra to send).
  2. The X-Organization-Id header, when you need to act on a specific org.
curl https://sidenet-api.up.railway.app/api/messages?threadId=THREAD_ID \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "X-Organization-Id: YOUR_ORG_ID"

User identity

Endpoints that read or write user-scoped data (threads, messages, memory) also need to know which end user the request is for. Send the X-User-Id header; user-scoped resources resolve to {orgId}_{userId}:
curl https://sidenet-api.up.railway.app/api/v1/threads \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "X-Organization-Id: YOUR_ORG_ID" \
  -H "X-User-Id: END_USER_ID"
A userId query param (or body field, where documented) is accepted as a fallback.
Both headers are listed on each endpoint’s reference page, along with any endpoint-specific requirements — e.g. POST /v1/experiments requires both X-Organization-Id and X-User-Id.

Errors

StatusMeaning
401Missing or invalid bearer token.
403Token is valid but not authorized for the requested organization or resource.
429Usage limit reached for the organization.