Authentication & BYOK
Overview
Section titled “Overview”All BiomAPI endpoints are publicly accessible — authentication is optional and provides higher rate limits, not access control.
| Scenario | Rate limit |
|---|---|
| No key | Per-IP daily limits (30 BiomAI calls/day) |
| BiomAPI key | Per-user custom quotas |
| BYOK Gemini key | Unlimited BiomAI (your Gemini quota), separate bucket |
| Both keys | Your Gemini quota + custom retrieve quota |
BiomAPI key
Section titled “BiomAPI key”Pass your key as a Bearer token or query parameter:
# Bearer token (recommended)curl -H "Authorization: Bearer biom_your_key_here" ...
# Query parametercurl "https://biomapi.com/api/v1/biom/process?api_key=biom_your_key_here" ...Key format: biom_ + 43 random base64url characters (256-bit entropy). GitHub Secret Scanning compatible.
Check your usage
Section titled “Check your usage”curl -H "Authorization: Bearer biom_your_key" \ https://biomapi.com/api/v1/biom/usageBYOK — Bring Your Own Gemini Key
Section titled “BYOK — Bring Your Own Gemini Key”Supply your own Google Gemini API key to use your personal quota. The server’s shared BiomAI quota is not consumed.
curl -X POST https://biomapi.com/api/v1/biom/process \ -H "X-Gemini-API-Key: AIza_your_gemini_key" \ -F "file=@report.pdf"BYOK details:
- Applies to
POST /api/v1/biom/process(PDF/image files only) - Ignored for JSON uploads — BiomJSON doesn’t call the LLM
- Tracked under the
biomai_byokrate limit bucket (separate frombiomai) - Validate your key:
GET /api/v1/biom/usage?validate=true
Rate limit windows
Section titled “Rate limit windows”All limits use a 24-hour sliding window (not a midnight reset). Usage timestamps roll off 24 hours after they were recorded.
See Rate Limits for full details.