Getting Started

Authentication

Securely authenticate your requests with AMP API keys.

API Keys

AMP uses API keys to authenticate requests. Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, etc.

Key Format

AMP API keys follow this format:

amp_sk_live_1234567890abcdef
  • amp_ - Prefix identifying this as an AMP key
  • sk_ - Indicates this is a secret key
  • live_ - Environment (live or test)
  • The rest is your unique key identifier

Getting Your API Key

  1. Sign up at amp-protocol.dev
  2. Navigate to your dashboard
  3. Click "API Keys" in the sidebar
  4. Create a new key or copy an existing one

💡 Tip: You can have multiple API keys for different environments (development, staging, production).

Using API Keys

TypeScript / JavaScript

Pass your API key when initialising the client:

import { AMP } from '@amp-protocol/client';

const amp = new AMP({
  apiKey: process.env.AMP_API_KEY,
});

Python

from amp_protocol import AMP
import os

amp = AMP(api_key=os.environ.get("AMP_API_KEY"))

REST API

Include the API key in the Authorization header:

curl https://api.amp-protocol.dev/v1/context \
  -H "Authorization: Bearer amp_sk_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "userId": "user_123",
    "task": "build a feature"
  }'

Test Mode vs Live Mode

AMP provides two environments for development and production:

Test Mode

Keys start with amp_sk_test_

  • Free unlimited requests
  • Data is isolated from production
  • Perfect for development and testing
  • Profiles reset monthly

Live Mode

Keys start with amp_sk_live_

  • Production environment
  • Real user profiles and data
  • Metered billing applies
  • Data persists indefinitely

Environment Variables

Store your API keys in environment variables so they stay out of your source code:

.env
# Development
AMP_API_KEY=amp_sk_test_1234567890abcdef

# Production (use a separate .env.production file)
AMP_API_KEY=amp_sk_live_9876543210fedcba

⚠️ Security Warning:

  • Never commit .env files to version control
  • Add .env to your .gitignore
  • Rotate keys immediately if they're exposed
  • Use different keys for each environment
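
The key format and the warning above can be turned into a pre-commit style check. This is an added example, not AMP's own tooling: it scans text for AMP secret keys, reports each key's environment, and redacts the identifier so the finding can be logged safely. The regex assumes the identifier is alphanumeric, as in the page's sample keys; `scan`, `redact` and `has_live_key` are names chosen here.

```python
import re
from typing import NamedTuple

# Assumption: the identifier after the environment segment is alphanumeric,
# as in the page's sample keys. Adjust the character class if real keys differ.
KEY_RE = re.compile(r"\bamp_sk_(live|test)_([A-Za-z0-9]+)")


class Finding(NamedTuple):
    line_no: int
    environment: str  # "live" or "test"
    redacted: str     # safe to print in CI logs


def redact(key: str) -> str:
    """Mask the identifier, keeping the prefix and (for long keys) the last 4 chars."""
    m = KEY_RE.fullmatch(key)
    if not m:
        raise ValueError("not an AMP secret key")
    ident = m.group(2)
    tail = ident[-4:] if len(ident) > 8 else ""
    return f"amp_sk_{m.group(1)}_{'*' * (len(ident) - len(tail))}{tail}"


def scan(text: str) -> list[Finding]:
    """Return every AMP secret key found in text, one Finding per occurrence."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in KEY_RE.finditer(line):
            findings.append(Finding(line_no, m.group(1), redact(m.group(0))))
    return findings


def has_live_key(findings: list[Finding]) -> bool:
    """A live key in tracked content means rotate, not just delete the line."""
    return any(f.environment == "live" for f in findings)


# Constructed sample: a config file someone is about to commit.
SAMPLE = """\
# app settings
AMP_API_KEY=amp_sk_test_1234567890abcdef
timeout = 30
headers = {"Authorization": "Bearer amp_sk_live_9876543210fedcba"}
"""

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line_no}: {f.environment} key {f.redacted}")
    raise SystemExit(1 if scan(SAMPLE) else 0)
```

Run as a pre-commit hook or CI step, a non-zero exit blocks the commit; only the redacted form is ever printed.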

Key Management Best Practices

Rotation

Rotate your API keys regularly (every 90 days recommended):

  1. Generate a new key in your dashboard
  2. Update your environment variables
  3. Deploy the changes
  4. Delete the old key after confirming the new one works

Scope Limitation

Create separate API keys for different services or team members. This allows you to:

  • Track usage per service
  • Revoke access without affecting other services
  • Set different rate limits per key

Monitoring

Monitor your API key usage in the dashboard:

  • Request volume and rate
  • Error rates
  • Unusual patterns or spikes
  • Geographic distribution of requests

Rate Limits

API keys are subject to rate limits based on your plan:

Plan         Requests/Second   Monthly Limit
Starter      10 req/s          100,000
Pro          100 req/s         1,000,000
Enterprise   Custom            Unlimited

When you exceed rate limits, you'll receive a 429 Too Many Requests response. Implement exponential backoff to handle this gracefully.

Troubleshooting

401 Unauthorized

If you receive a 401 error:

  • Check that your API key is correctly set in environment variables
  • Ensure the Authorization header is properly formatted
  • Verify the key hasn't been deleted or revoked
  • Check that you're using the correct environment (test vs live)

403 Forbidden

If you receive a 403 error:

  • Your key may not have permission for this operation
  • Your account may have restrictions
  • Contact support if the issue persists

Next Steps