Authentication
API keys, bearer tokens, and rotation.
API keys
Savitar uses bearer tokens. Send every request with an Authorization: Bearer <key> header. Keys are environment-scoped — a test key cannot call live endpoints, and vice versa.
Rotate keys from the dashboard. Old keys remain valid for 24 hours after rotation to give you time to redeploy. Note that a rotated key is therefore still usable by anyone who holds it until that window closes, so treat rotation after a suspected leak as the start of the cleanup, not the end.
OAuth 2.0 (coming soon)
OAuth 2.0 with PKCE is available for multi-tenant apps that need to act on behalf of end users. Reach out to sales to enable it on your account.
JWTs for service-to-service
On Enterprise plans, sign short-lived JWTs with your tenant's private key; the public key is what the verifying side holds and can never be used to mint a token. This avoids storing long-lived secrets in CI or workflow runners.
