Skip to main content
Every request to /api/public/v1/ must carry an API key in one of two places:
  • Authorization: Bearer <key> header (preferred)
  • X-API-Key: <key> header (alternate)
The bearer header is strongly preferred — some API clients auto-strip X-API-Key on redirects.

API key scope

Public API keys must have the platform:adapter scope. Keys scoped to other roles (admin, scoring, etc.) will be rejected with 401 Not authenticated even if the key itself is valid. You generate and manage platform:adapter keys from the Platform dashboard after registering your community server. See Onboarding: API keys for the step-by-step process.

X-Adapter-* identity headers

Beyond the API key, every request that acts on behalf of a user or community must carry the X-Adapter-* identity headers:
HeaderRequiredDescription
X-Adapter-Platform-TypeYesPlatform identifier, e.g. discourse
X-Adapter-Platform-User-IDContext-dependentExternal user ID on the platform
X-Adapter-Platform-Server-IDContext-dependentExternal community/server ID on the platform
These headers tell Open Notes which platform identity to resolve for the current request. Omitting a required header returns 422 Unprocessable Entity. See Concepts: Headers and auth for the full specification.

Auth failure responses

StatusMeaning
401 Not authenticatedMissing or invalid API key
403 ForbiddenKey is valid but lacks platform:adapter scope
422 Unprocessable EntityRequired adapter header is absent or malformed
All error bodies follow the error envelope described in Conventions.

Example request

GET /api/public/v1/requests HTTP/1.1
Host: api.opennotes.ai
Authorization: Bearer on_pub_...
X-Adapter-Platform-Type: discourse
X-Adapter-Platform-Server-ID: 12345