Prerequisites & Security

Required Information from Us

Before integrating with the production agent, you must obtain the following from our team:

1. API Credentials

| Item | Description | Example | How to Obtain |
|---|---|---|---|
| API Key | Unique key for authentication | AIzaSyD... | Contact: support@1nebula.com |
| Customer ID | Your unique customer identifier | customer-acme-corp | Provided during onboarding |
| Gateway URL | Production endpoint | https://api.stactize.com/ | Provided during onboarding |

2. User Identification Headers

For proper cost tracking and analytics, include these headers in your requests:

| Header | Required | Description | Example |
|---|---|---|---|
| x-api-key | Yes | Your API key for authentication | AIzaSyD... |
| x-user-id | Recommended | End-user identifier for tracking | user-12345 |
| x-user-name | Optional | End-user display name | john.doe@company.com |
| x-customer-id | Optional | Your customer ID (if different from API key) | customer-acme-corp |

Important: The x-user-id header allows us to:

  • Track usage per end-user
  • Provide detailed analytics
  • Allocate costs accurately
  • Enable user-specific quotas

3. Service Configuration

| Configuration | Description | Default | Notes |
|---|---|---|---|
| Rate Limit | Requests per day per API key | 100 | Can be increased based on plan |
| Timeout | Maximum request duration | 300 seconds | For complex research queries |
| IP Restrictions | Allowed IP addresses (optional) | None | Recommended for production |
| Quota | Monthly request allocation | Varies by plan | Monitor usage regularly |

Security Requirements

Before Going Live

1. API Key Security

  • Store API keys securely (environment variables, secrets manager)
  • Never commit API keys to version control
  • Use different keys for dev/staging/production
  • Rotate keys every 90 days

2. Network Security

  • Use HTTPS only (HTTP is blocked)
  • Implement IP whitelisting if possible
  • Use VPC/private networking when available

3. Request Validation

  • Validate and sanitize user inputs
  • Implement request size limits
  • Add timeout handling on client side

4. Compliance

  • Ensure GDPR compliance for user data
  • Implement data retention policies
  • Log only necessary information (never log full API keys)
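
The checklist above, applied to a client that sends the headers from section 2. This is an added example, not code from this documentation or from the vendor. The environment variable names, the `v1/query` path, the JSON body format and the 64 KiB size limit are assumptions; the 300-second timeout is the documented default.

```python
import os
import urllib.request
from urllib.parse import urljoin, urlsplit

TIMEOUT_SECONDS = 300        # documented maximum request duration
MAX_BODY_BYTES = 64 * 1024   # assumed client-side request size limit

def load_settings(env=os.environ):
    """Read the key and gateway from the environment, never from source code."""
    key = env.get("AGENT_API_KEY", "")          # hypothetical variable name
    gateway = env.get("AGENT_GATEWAY_URL", "")  # hypothetical variable name
    if not key:
        raise RuntimeError("AGENT_API_KEY is not set")
    if urlsplit(gateway).scheme != "https":
        raise ValueError("gateway URL must use https")
    return key, gateway

def build_request(path, body, user_id, env=os.environ):
    """Build a POST request carrying the documented identification headers."""
    key, gateway = load_settings(env)
    url = urljoin(gateway, path)
    if urlsplit(url)[:2] != urlsplit(gateway)[:2]:  # compare scheme and host
        raise ValueError("path must not redirect the key to another host")
    if len(body) > MAX_BODY_BYTES:
        raise ValueError("request body exceeds client-side size limit")
    if not user_id or any(c in user_id for c in "\r\n"):
        raise ValueError("x-user-id must be non-empty and single-line")
    headers = {"x-api-key": key, "x-user-id": user_id,
               "Content-Type": "application/json"}  # assumed body format
    return urllib.request.Request(url, data=body, headers=headers, method="POST")

def redact(headers):
    """Copy headers for logging with the API key masked to its last 4 chars."""
    return {k: ("****" + v[-4:] if k.lower() == "x-api-key" else v)
            for k, v in headers.items()}

def send(req):
    """Send with an explicit timeout so a hung call cannot block the caller."""
    with urllib.request.urlopen(req, timeout=TIMEOUT_SECONDS) as resp:
        return resp.status, resp.read()
```

Log `redact(dict(req.header_items()))` rather than the request object, so the full key never reaches log storage.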