Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docsa.stemfard.com/llms.txt

Use this file to discover all available pages before exploring further.

Stemfard authenticates requests using API keys. Every request to a mathematics endpoint must include your API key in the Authorization header as a Bearer token. Requests without a valid key are rejected with a 401 Unauthorized response. This page explains how to get your key, how to pass it, and how to keep it secure.

Get your API key

Your API key is generated when you create a Stemfard account. You can find it in your dashboard at any time.
1

Sign in to your Stemfard dashboard

Go to your Stemfard account dashboard and navigate to the API Keys section.
2

Copy your API key

Copy your key and store it somewhere secure, such as a password manager or secrets vault. Treat it like a password — it grants full access to your account’s API usage.
3

Set it as an environment variable

In your development environment, set the key as an environment variable rather than hardcoding it in your source code:
export STEMFARD_API_KEY="your-api-key-here"
Never hardcode your API key directly in source code or commit it to version control. If your key is exposed, regenerate it immediately from your dashboard.

Pass your API key in requests

Include your API key in the Authorization header of every request using the Bearer scheme: 
Authorization: Bearer <your-api-key>
The examples below show how to do this in common environments. 
curl --request POST \
  --url https://api.stemfard.com/api/v1/mathematics/linear-algebra/matrix-operations/matrix-arithmetic/add \
  --header "Authorization: Bearer $STEMFARD_API_KEY" \
  --header "Content-Type: application/json" \
  --data '{
    "a": [[1, 2], [3, 4]],
    "b": [[5, 6], [7, 8]],
    "api_level": "standard"
  }'

Authentication errors

If your request fails authentication, the API returns a 401 Unauthorized response.
ScenarioStatus codeLikely cause
Missing Authorization header401The header was not included in the request
Malformed header401The header value does not follow the Bearer <key> format
Invalid or revoked key401The key does not exist or has been regenerated
If you receive a 401 and your key looks correct, check that there are no extra spaces or newline characters in the key value, and confirm the header name is exactly Authorization.
The GET / and GET /health endpoints are public and do not require authentication. All /api/v1/ endpoints require a valid API key.

Security best practices

Following these practices keeps your key and your users’ data safe.
Never expose your API key in client-side code — including frontend JavaScript, mobile app binaries, or any code that ships to end users. Anyone who can read your key can use it to make requests billed to your account.
  • Use environment variables — Read your key from process.env.STEMFARD_API_KEY (Node.js), os.environ["STEMFARD_API_KEY"] (Python), or your platform’s equivalent. Never hardcode it.
  • Proxy requests through your backend — If your frontend needs Stemfard data, have it call your own server, which then calls the Stemfard API. Your key stays server-side.
  • Rotate keys periodically — Regenerate your API key from the dashboard if you suspect it has been exposed or if a team member with access leaves.
  • Restrict access in CI/CD — Store your key as a secret in your CI/CD platform (GitHub Actions, GitLab CI, etc.) rather than in plain configuration files.