Authentication
The Treeship API uses Bearer token authentication. You need an API key to create attestations.
Getting an API Key
Step 1: Request Verification Code
curl -X POST https://api.treeship.dev/v1/keys/request \
-H "Content-Type: application/json" \
-d '{"email": "you@example.com"}'
{
"message": "Verification code sent to you@example.com",
"expires_in": 600
}
Step 2: Verify and Get Key
Check your email for the 6-digit code, then:
curl -X POST https://api.treeship.dev/v1/keys/verify \
-H "Content-Type: application/json" \
-d '{"email": "you@example.com", "code": "123456"}'
{
"api_key": "ts_live_a1b2c3d4e5f6...",
"key_id": "key_abc123",
"created_at": "2026-02-23T10:00:00Z"
}
Save your API key immediately. It’s only shown once.
Using Your Key
Include the API key in the Authorization header:
curl -X POST https://api.treeship.dev/v1/attest \
-H "Authorization: Bearer ts_live_..." \
-H "Content-Type: application/json" \
-d '{"agent_slug": "my-agent", "action": "...", "inputs_hash": "..."}'
Python SDK
from treeship_sdk import Treeship
# From environment variable (recommended)
ts = Treeship() # reads TREESHIP_API_KEY
# Or explicit
ts = Treeship(api_key="ts_live_...")
CLI
# Environment variable
export TREESHIP_API_KEY=ts_live_...
treeship attest --action "..." --inputs-hash "..."
# Or configure once
treeship config set api-key ts_live_...
Key Management
Check Key Info
curl https://api.treeship.dev/v1/keys/info \
-H "Authorization: Bearer $TREESHIP_API_KEY"
{
"key_id": "key_abc123",
"email": "you@example.com",
"created_at": "2026-02-23T10:00:00Z",
"attestations_today": 42,
"rate_limit": 1000
}
Revoke Key
curl -X DELETE https://api.treeship.dev/v1/keys \
-H "Authorization: Bearer $TREESHIP_API_KEY"
Rate Limits
| Tier | Attestations/Day | Attestations/Minute |
|---|
| Free | 1,000 | 100 |
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 958
X-RateLimit-Reset: 1640995200
Error Responses
| Status | Code | Meaning |
|---|
| 401 | unauthorized | Missing or invalid API key |
| 403 | forbidden | Key revoked or rate limited |
| 429 | rate_limited | Too many requests |
{
"detail": "Invalid API key"
}
Best Practices
Use Environment Variables
Never hardcode keys. Use TREESHIP_API_KEY.
Rotate Keys
Generate new keys periodically.
Separate Environments
Different keys for dev, staging, prod.
Monitor Usage
Check /keys/info regularly.
