What is the primary authentication method for the ELI API?

The ELI API primarily uses API key authentication. You obtain a unique key from your ELI account dashboard and include it in the Authorization header of your API requests.

How do I get an ELI API key?

You can get an ELI API key by logging into your ELI account, navigating to the 'API Keys' or 'Developer Settings' section in your dashboard, and generating a new key. Remember to store it securely.

Can I use ELI API keys on the client-side (e.g., in a browser)?

It is strongly recommended to use ELI API keys only on the server-side. Exposing API keys in client-side code can lead to security vulnerabilities. If client-side access is needed, use a proxy server.

What is the recommended way to store my ELI API key?

The recommended way to store your ELI API key is in environment variables. This prevents the key from being hardcoded into your application's source code and exposed in version control systems.

Does ELI support OAuth 2.0 for authentication?

ELI's current API design focuses on direct API key authentication for simplicity and effectiveness in its core use cases. OAuth 2.0 is not a supported authentication method for the ELI API at this time.

What should I do if my ELI API key is compromised?

If you suspect your ELI API key has been compromised, you should immediately generate a new key through your ELI dashboard and revoke the old one. Also, review your application's logs for any unusual activity.

Is communication with the ELI API encrypted?

Yes, all communication with the ELI API is conducted over HTTPS. This encrypts data in transit, protecting your API key and the data you send and receive from interception.

ELI Authentication: API Key & Security Best Practices (2026)

ELI authentication primarily uses API keys for securing access to its Natural Language Processing (NLP) services. Developers obtain a unique key from their ELI account dashboard, which is then included in the authorization header of API requests. This method ensures that only authorized applications can interact with ELI's Sentiment Analysis, Entity Extraction, and other text analysis APIs.

Authentication overview

ELI, a provider of AI and Machine Learning services specializing in Natural Language Processing (NLP), secures access to its API through API key authentication. This method is standard for many RESTful APIs, providing a straightforward way for developers to authenticate their applications and manage access to services like Sentiment Analysis and Topic Modeling ELI API reference. The ELI API is designed to be consumed by client applications, making API keys a practical choice for managing access control.

API keys serve as a unique identifier and secret token that an application uses to authenticate itself when making calls to the ELI API. Each key is associated with an ELI account and its permissions, allowing ELI to track usage, enforce rate limits, and ensure that only authorized requests are processed. This approach simplifies the authentication process for developers while maintaining a necessary level of security for the API's resources.

Supported authentication methods

ELI primarily supports API key authentication. This method involves generating a unique alphanumeric string (the API key) from your ELI account dashboard and including it in the headers of your API requests. While other authentication mechanisms exist across the industry, such as OAuth 2.0 for delegated authorization or mutual TLS for client certificate verification, ELI's current API design focuses on the simplicity and effectiveness of API keys for direct application-to-API communication ELI documentation portal.

API keys are suitable for server-side applications where the key can be securely stored and managed. For client-side applications or scenarios requiring user delegation, alternative authentication flows might be considered by other API providers, such as those detailed in the OAuth 2.0 specification. However, for ELI's use cases in customer feedback analysis and content categorization, direct API key integration is the recommended and supported method.

Authentication methods table

Method	When to Use	Security Level
API Key	Server-side applications, direct API access, internal tools.	Moderate (High if managed securely, e.g., environment variables).

Getting your credentials

To obtain your ELI API key, follow these steps:

Sign Up or Log In: Navigate to the ELI homepage and either create a new account or log in to your existing one.
Access Dashboard: Once logged in, access your developer dashboard or account settings. The exact navigation may vary, but typically you'll find a section labeled "API Keys," "Developer Settings," or similar.
Generate Key: Within the API Keys section, you will usually find an option to generate a new API key. ELI may allow you to create multiple keys for different projects or environments (e.g., development, staging, production) to enhance security and key management.
Copy Key: After generation, your unique API key will be displayed. It is crucial to copy this key immediately and store it securely, as it may not be retrievable again for security reasons. If lost, you might need to generate a new one.

ELI provides a free tier that includes 5,000 API calls per month, making it accessible for initial testing and development ELI pricing details. Your API key will grant you access to this free tier and any subsequent paid plans you subscribe to.

Authenticated request example

After obtaining your API key, you will include it in the Authorization header of your HTTP requests to the ELI API. The key should be prefixed with Bearer, following common API token practices. Below are examples using Python and Node.js, two of the primary language examples for ELI's SDKs.

Python example


import requests
import os

# It's recommended to store your API key in an environment variable
ELI_API_KEY = os.getenv('ELI_API_KEY')

if ELI_API_KEY is None:
    raise ValueError("ELI_API_KEY environment variable not set.")

api_endpoint = "https://api.eli.com/v1/sentiment"
headers = {
    "Authorization": f"Bearer {ELI_API_KEY}",
    "Content-Type": "application/json"
}

data = {
    "text": "The service was exceptional, very prompt and helpful!"
}

try:
    response = requests.post(api_endpoint, headers=headers, json=data)
    response.raise_for_status()  # Raise an exception for HTTP errors
    print("API Response:", response.json())
except requests.exceptions.HTTPError as err:
    print(f"HTTP error occurred: {err}")
except requests.exceptions.RequestException as err:
    print(f"An error occurred: {err}")

Node.js example


const axios = require('axios');

// It's recommended to store your API key in an environment variable
const ELI_API_KEY = process.env.ELI_API_KEY;

if (!ELI_API_KEY) {
    throw new Error("ELI_API_KEY environment variable not set.");
}

const apiEndpoint = "https://api.eli.com/v1/entity-extraction";
const headers = {
    "Authorization": `Bearer ${ELI_API_KEY}`,
    "Content-Type": "application/json"
};

const data = {
    "text": "Apple Inc. was founded by Steve Jobs, Steve Wozniak, and Ronald Wayne."
};

async function callEliApi() {
    try {
        const response = await axios.post(apiEndpoint, data, { headers });
        console.log("API Response:", response.data);
    } catch (error) {
        if (error.response) {
            console.error("HTTP error occurred:", error.response.status, error.response.data);
        } else if (error.request) {
            console.error("No response received:", error.request);
        } else {
            console.error("Error setting up request:", error.message);
        }
    }
}

callEliApi();

Security best practices

Proper management of your ELI API keys is critical to maintaining the security and integrity of your applications and data. Adhering to these best practices can mitigate risks associated with unauthorized access:

Environment Variables: Store API keys in environment variables rather than hardcoding them directly into your application's source code. This prevents keys from being exposed in version control systems like Git. For example, in Linux/macOS, you can use export ELI_API_KEY="your_key_here".
Server-Side Usage: Always use API keys from your backend server. Avoid exposing API keys in client-side code (e.g., JavaScript in a web browser or mobile app), as they can be easily intercepted. If client-side access is necessary, consider using a proxy server to funnel requests through your backend.
Restrict Access: Limit who has access to your API keys. Treat them with the same level of confidentiality as other sensitive credentials.
Regular Rotation: Periodically rotate your API keys. If ELI supports key rotation (generating a new key and deactivating the old one), implement a schedule for doing so. This minimizes the impact if a key is compromised.
IP Whitelisting (if available): If ELI's platform offers IP whitelisting, configure it to allow API requests only from known and trusted IP addresses. This adds an extra layer of security, ensuring that even if a key is stolen, it cannot be used from an unauthorized location. Refer to the ELI security documentation for platform-specific features.
Monitor Usage: Regularly monitor your API usage patterns through the ELI dashboard. Unusual spikes in activity or requests from unexpected locations could indicate a compromised key.
HTTPS Only: Ensure all communications with the ELI API are conducted over HTTPS (HTTP Secure). ELI's API endpoints are served exclusively over HTTPS to encrypt data in transit, protecting your API key and data from interception Mozilla's HTTPS explanation.
Error Handling: Implement robust error handling in your applications to gracefully manage authentication failures. Avoid logging API keys or sensitive information in error messages.

ELI Authentication: API Key & Security Best Practices (2026)

Authentication overview

Supported authentication methods

Authentication methods table

Getting your credentials

Authenticated request example

Python example

Node.js example

Security best practices

Frequently asked questions

Reviews

Discussion

Written by