Getting Started with the Shiro API

The Shiro API is organized around REST. Our API has predictable resource-oriented URLs, accepts form-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.

The Shiro API doesn’t support bulk updates. You can work on only one object per request.


The Shiro API uses API keys to authenticate requests. Note that we also allow users to store LLM Provider API Keys, so don't confuse the two. In this article, I will be referring to Shiro API keys for using the Shiro API.

Your Shiro API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Managing Shiro API Keys

You can view and manage your Shiro API keys in the Shiro Dashboard. To create a new API key choose "Profile" from the dropdown menu under your name, then click the "API" tab:

Manage API Keys

When viewing your API key, you will see a sample curl request using the token as the authorization bearer:
API Key Details

Sample curl request: \
-H "Accept: application/json" \
-H "Authorization: Bearer cXFroMHihK7tiuf6ibWH4iGP"

API Documentation

To view the specific endpoints and details please view the Shiro API Documentation

Subscribe to our newsletter

The latest prompt engineering best practices and resources, sent to your inbox weekly.