Authentication

Jabrod uses two types of authentication depending on what you are trying to do:

Session Authentication: Used for dashboard operations (creating pipelines, adding data sources). This is handled automatically by the web application.
API Key Authentication: Used exclusively for querying a specific pipeline via the /api/rag/query endpoint.

RAG Query API Keys

To query a pipeline from your own application, you must use a RAG API key.

Getting an API Key

API keys are scoped to specific pipelines. To get one:

Navigate to your Pipeline

Go to agent.jabrod.com, open Pipelines, and select your pipeline.

Go to API Keys

Click on the API Keys tab.

Create Key

Click Create Key, give it a name, and copy the key.

Your API key is only shown once. Store it securely! It starts with the prefix rag_.

Using Your API Key

Include your API key in the Authorization header when calling the query endpoint:

curl -X POST "https://api.jabrod.com/api/rag/query" \
  -H "Authorization: Bearer rag_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{"query": "Your search query"}'

Security Best Practices

Never expose keys in client-side code

API keys should only be used in server-side code (e.g., your backend server, Next.js API routes). Never include them in frontend JavaScript where users can see them.

Use environment variables

Store API keys in environment variables (.env), not in your codebase.

Key Scoping

A rag_ key only grants access to query the specific pipeline it was created for. It cannot be used to modify pipelines, delete data, or query other pipelines.

Quick Start RAG Pipelines

​Authentication

​RAG Query API Keys

​Getting an API Key

​Using Your API Key

​Security Best Practices

Authentication

RAG Query API Keys

Getting an API Key

Using Your API Key

Security Best Practices