Authentication overview

Aylien Text Analysis requires authentication for all API requests to ensure secure and authorized access to its natural language processing functionalities, including sentiment analysis, entity extraction, and content summarization. The core authentication mechanism involves an Application ID and an API Key, which are unique credentials assigned to each developer account. These credentials serve to identify the client making the request and verify their permission to access specific API endpoints. The system is designed to prevent unauthorized usage and protect both user data and API resources.

Beyond basic credential transmission, Aylien Text Analysis also supports request signing, an additional layer of security that verifies the integrity and authenticity of requests. This mechanism involves generating a cryptographic signature using your API Key and including it with each request. Request signing helps mitigate risks such as tampering and replay attacks by ensuring that a request has not been altered in transit and originates from an authorized source. This approach aligns with common industry practices for securing RESTful APIs, where clear identification and verifiable request integrity are paramount for data exchange.

Supported authentication methods

Aylien Text Analysis primarily uses a combination of an Application ID and an API Key for authentication. This method is implemented as HTTP headers in API requests.

The table below summarizes the supported authentication methods:

| Method | Description | When to Use | Security Level |
|---|---|---|---|
| Application ID & API Key | A unique identifier for your application (App ID) paired with a secret key (API Key). Both are sent as HTTP headers (X-AYLIEN-TextAPI-Application-ID and X-AYLIEN-TextAPI-API-Key). | For all programmatic access to Aylien Text Analysis API endpoints. This is the standard and recommended method for authenticating your applications. | Standard. Provides client identification and basic access control. Enhanced by request signing for increased integrity and authenticity verification. |
| Request Signing (HMAC-SHA1) | An optional, additional layer of security where a cryptographic hash (HMAC-SHA1) of the request's content and timestamp is generated using your API Key and included in the X-AYLIEN-TextAPI-Signature header. | Recommended for applications requiring higher security, such as those operating in environments vulnerable to tampering or replay attacks. | High. Verifies request integrity, prevents tampering, and ensures authenticity by proving knowledge of the secret key without sending it directly in the signed portion. |
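
The request-signing scheme described above, sketched from both the client and the verifying side. This is an added example, not Aylien's or the SDK's code. The page does not give the exact string that is signed, so the canonical form (timestamp, newline, raw body), the X-Example-Timestamp header and the 300-second window are assumptions; only the X-AYLIEN-TextAPI-Signature header name and HMAC-SHA1 come from the page.

```python
import hashlib
import hmac

SIGNATURE_HEADER = "X-AYLIEN-TextAPI-Signature"  # header name given on the page
TIMESTAMP_HEADER = "X-Example-Timestamp"         # hypothetical header, not from the page
MAX_SKEW_SECONDS = 300                           # assumed freshness window


def canonical_message(timestamp: int, body: bytes) -> bytes:
    # Assumed canonical form: decimal timestamp, newline, raw request body.
    return str(timestamp).encode("ascii") + b"\n" + body


def sign_request(api_key: str, body: bytes, timestamp: int) -> dict:
    """Client side: return the headers that carry timestamp and signature."""
    digest = hmac.new(api_key.encode(), canonical_message(timestamp, body),
                      hashlib.sha1).hexdigest()
    return {TIMESTAMP_HEADER: str(timestamp), SIGNATURE_HEADER: digest}


def verify_request(api_key: str, body: bytes, headers: dict, now: int) -> str:
    """Verifying side: return 'ok' or the reason the request is rejected."""
    try:
        timestamp = int(headers[TIMESTAMP_HEADER])
        received = headers[SIGNATURE_HEADER]
    except (KeyError, ValueError):
        return "malformed"
    # Stale or future-dated timestamps are refused, which bounds replay.
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return "stale"
    expected = hmac.new(api_key.encode(), canonical_message(timestamp, body),
                        hashlib.sha1).hexdigest()
    # compare_digest avoids leaking how many characters matched via timing.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return "bad-signature"
    return "ok"


if __name__ == "__main__":
    key = "constructed-demo-key"  # constructed value, not a real credential
    body = b'{"text": "This is a great example!"}'
    hdrs = sign_request(key, body, timestamp=1_700_000_000)
    print(verify_request(key, body, hdrs, now=1_700_000_010))         # untouched, fresh
    print(verify_request(key, body + b" ", hdrs, now=1_700_000_010))  # body altered
    print(verify_request(key, body, hdrs, now=1_700_000_900))         # resent too late
```

Because the timestamp is part of the signed message, editing the timestamp header to make an old request look fresh invalidates the signature. A request resent inside the window still verifies; rejecting those needs a server-side record of signatures already seen.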

While API keys offer a straightforward authentication mechanism, it is important to treat them as sensitive credentials. Aylien Text Analysis does not directly implement protocols like OAuth 2.0, commonly used for delegated authorization, for first-party application authentication, because the API Key and Request Signing system fulfills the requirements for direct machine-to-machine interactions. Developers integrating Aylien Text Analysis into larger systems that use OAuth 2.0, such as a user-facing application, would typically keep the Aylien API Key within their backend service, which in turn authenticates its users via OAuth. Best practices for API key management are critical; guidance on secure credential handling from organizations like the Internet Engineering Task Force (IETF) emphasizes protecting secret keys from unauthorized disclosure (IETF RFC 7235 on Authentication Challenges).

Getting your credentials

To obtain the necessary Application ID and API Key for Aylien Text Analysis, you must register for an account on the Aylien developer portal. The process typically involves a few steps:

  1. Sign Up/Log In: Navigate to the Aylien Text Analysis homepage and either create a new account or log in to an existing one.
  2. Access Developer Dashboard: Once logged in, you will typically be directed to a developer dashboard or a similar portal where you can manage your applications and API access.
  3. Retrieve Credentials: Within your dashboard, there should be a section dedicated to API credentials. Here, you will find your unique Application ID and API Key. These are typically generated automatically upon account creation or can be generated manually if needed (Aylien Text Analysis documentation for API keys).
  4. Copy and Secure: Carefully copy both your Application ID and API Key. It is crucial to treat your API Key as a sensitive secret, similar to a password. Do not hardcode it directly into client-side code, commit it to version control, or expose it in public repositories.

Aylien provides a free tier that includes 1,000 requests per day, making it accessible for testing and initial development. Paid plans, starting at $29/month, offer increased request limits and additional features. Regardless of your plan, the credential retrieval process remains consistent.

Authenticated request example

Authenticated requests to the Aylien Text Analysis API include specific HTTP headers containing your Application ID and API Key. When using request signing, an additional signature header is also included.

Below is an example of an authenticated request using Python, demonstrating how to include the necessary headers and, optionally, how to implement request signing.

Python Example (with Request Signing)

The Aylien Text Analysis Python SDK simplifies the process by handling header construction and request signing automatically. You initialize the client with your credentials, and the SDK manages the rest.


import os
import sys

# The Python SDK is published on PyPI as "aylien-apiclient"
from aylienapiclient import textapi, errors

# Retrieve credentials from environment variables for security
app_id = os.environ.get('AYLIEN_APP_ID')
api_key = os.environ.get('AYLIEN_API_KEY')

if not app_id or not api_key:
    print("Error: AYLIEN_APP_ID and AYLIEN_API_KEY environment variables must be set.",
          file=sys.stderr)
    sys.exit(1)

client = textapi.Client(app_id, api_key)

text_to_analyze = "The quick brown fox jumps over the lazy dog. This is a great example!"

try:
    # Example: Sentiment analysis
    sentiment = client.Sentiment({
        'text': text_to_analyze
    })
    print("Sentiment Analysis Result:")
    print(f"Polarity: {sentiment['polarity']}")
    print(f"Subjectivity: {sentiment['subjectivity']}")
    print(f"Text: {sentiment['text']}")

    # Example: Entity extraction
    entities = client.Entities({
        'text': text_to_analyze
    })
    print("\nEntity Extraction Result:")
    print(f"Entities: {entities['entities']}")

except errors.Error as e:
    # Base class for the errors the SDK raises (HTTP failures, missing parameters)
    print(f"API Error: {e}")
except Exception as e:
    print(f"An unexpected error occurred: {e}")

Node.js Example (with Request Signing)

Similar to Python, the Node.js SDK for Aylien Text Analysis abstracts the signing process.


const aylien = require('aylien_textapi');

// Retrieve credentials from environment variables
const appId = process.env.AYLIEN_APP_ID;
const apiKey = process.env.AYLIEN_API_KEY;

if (!appId || !apiKey) {
  console.error("Error: AYLIEN_APP_ID and AYLIEN_API_KEY environment variables must be set.");
  process.exit(1);
}

const textapi = new aylien({
  application_id: appId,
  application_key: apiKey
});

const textToAnalyze = "The quick brown fox jumps over the lazy dog. This is a great example!";

textapi.sentiment({ text: textToAnalyze }, function(error, response) {
  if (error === null) {
    console.log("Sentiment Analysis Result:");
    console.log(`Polarity: ${response.polarity}`);
    console.log(`Subjectivity: ${response.subjectivity}`);
    console.log(`Text: ${response.text}`);
  } else {
    console.error("API Error: ", error);
  }
});

textapi.entities({ text: textToAnalyze }, function(error, response) {
  if (error === null) {
    console.log("\nEntity Extraction Result:");
    console.log(`Entities: ${JSON.stringify(response.entities)}`);
  } else {
    console.error("API Error: ", error);
  }
});

These examples illustrate the streamlined authentication process when using the official SDKs. The SDKs handle the generation of the X-AYLIEN-TextAPI-Application-ID, X-AYLIEN-TextAPI-API-Key, and X-AYLIEN-TextAPI-Signature headers based on the credentials you provide during client initialization.

Security best practices

Properly securing your Aylien Text Analysis credentials is crucial to prevent unauthorized access and potential misuse of your account. Adhering to these best practices will help maintain the integrity and confidentiality of your API interactions.

  • Environment Variables for Credentials: Always store your Application ID and API Key as environment variables or in a secure configuration management system. Avoid hardcoding these credentials directly into your source code. This practice prevents accidental exposure through version control systems like Git and simplifies credential rotation.
    export AYLIEN_APP_ID="YOUR_APP_ID"
    export AYLIEN_API_KEY="YOUR_API_KEY"
  • Never Expose Client-Side: API Keys should never be exposed in client-side code (e.g., JavaScript in a web browser, mobile application code). Client-side exposure makes them easily discoverable and exploitable. All API calls requiring your Aylien Text Analysis credentials should originate from a secure backend server.
  • IP Whitelisting (if available): Check the Aylien Text Analysis developer portal for options to restrict API key usage to specific IP addresses (IP whitelisting). If supported, configure this feature to allow requests only from your trusted server IPs, adding a layer of network-level security. This can often be found in the security or settings section of your developer dashboard.
  • Credential Rotation: Periodically rotate your API Keys. Many services, including potentially Aylien Text Analysis, offer mechanisms to generate new keys and revoke old ones. Regular rotation minimizes the risk associated with a compromised key over time.
  • Monitor API Usage: Regularly review your API usage statistics in the Aylien Text Analysis dashboard. Unusual spikes in activity or requests from unexpected geographical locations could indicate a compromised key. Set up alerts if the platform provides such functionality.
  • Least Privilege Principle: If Aylien Text Analysis offers granular permissions for API keys (e.g., read-only vs. read/write, access to specific endpoints), configure your keys with the minimum necessary permissions required for each application. This limits the damage if a key is compromised.
  • Secure Development Lifecycle: Integrate security considerations throughout your development process. Conduct regular code reviews, security testing, and adhere to secure coding guidelines to prevent vulnerabilities that could lead to credential exposure. For additional guidance on securing API keys, consult resources like the Google Maps Platform API key best practices, which offer generalizable advice on protecting such credentials.
  • HTTPS/TLS Enforcement: All communications with the Aylien Text Analysis API happen over HTTPS, ensuring that your Application ID, API Key, and the data you send and receive are encrypted in transit. Verify that your application is always using HTTPS when interacting with the API to prevent man-in-the-middle attacks.
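
One way to enforce the "no hardcoded credentials" rule before code reaches version control, as an added example that is not part of the original page or of any Aylien tooling. It flags string literals assigned to the credential names used on this page (AYLIEN_API_KEY, application_key, api_key, the X-AYLIEN-TextAPI-API-Key header); the 8-character minimum and the placeholder patterns are assumptions, and the sample input is constructed.

```python
import re

# Credential names that appear on this page: env var, Node.js option, header.
NAMES = r"(?:AYLIEN_API_KEY|application_key|api_key|X-AYLIEN-TextAPI-API-Key)"
# A name, then ':' or '=', then a quoted literal of 8+ characters (assumed minimum).
LITERAL = re.compile(
    r"""["']?""" + NAMES + r"""["']?\s*[:=]\s*["']([^"'\s]{8,})["']""",
    re.IGNORECASE)
# Values that look like documentation placeholders rather than secrets (assumed).
PLACEHOLDER = re.compile(r"^(YOUR_|<|\$\{|x+$)", re.IGNORECASE)

# Constructed sample: lines 1-2 are acceptable, lines 3-4 embed a literal key.
SAMPLE = '''\
api_key = os.environ.get('AYLIEN_API_KEY')
export AYLIEN_API_KEY="YOUR_API_KEY"
const textapi = new aylien({ application_key: "0123456789abcdef0123456789abcdef" });
headers = {"X-AYLIEN-TextAPI-API-Key": "feedfacefeedfacefeedfacefeedface"}
'''


def find_hardcoded_keys(source: str):
    """Return (line_number, masked_value) for each suspected literal key."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        for match in LITERAL.finditer(line):
            value = match.group(1)
            if PLACEHOLDER.search(value):
                continue  # e.g. "YOUR_API_KEY" in setup instructions
            # Mask the value so the report does not itself leak the secret.
            findings.append((number, value[:4] + "*" * (len(value) - 4)))
    return findings


if __name__ == "__main__":
    for number, masked in find_hardcoded_keys(SAMPLE):
        print(f"line {number}: possible hardcoded API key {masked}")
```

A key that has already been committed should be rotated, since removing the line does not remove it from repository history.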