Skip to main content
The Better Data LLM Gateway API uses standard HTTP headers to verify the identity and permissions of its clients.

API Keys

For server-to-server communication or when using a self-hosted gateway with a predefined key list. Header: 
Authorization: Bearer YOUR_API_KEY
You can configure these keys in your LLMGateway Configuration.

Session IDs

To maintain state in a conversational context, include a X-Session-Id header. This allows the gateway to link the request to a specific user’s cart and history. Header: 
X-Session-Id: unique_session_string_123

Better Data Cloud Keys

If you are using the Hosted Gateway, you must use your Cloud API keys generated in the dashboard. These keys are scoped to your specific account and entitlements. When transferring a session from an AI (like Claude) to a web storefront, the gateway generates a short-lived, single-use Secure Link Token. This token is passed as a query parameter and automatically upgraded to a full session cookie by the storefront. Example Link: 
https://mystore.com/checkout?token=st_abc123

Best Practices

  • Never Expose Secret Keys: Use Public Keys for frontend tool discovery and Secret Keys only for backend tool execution.
  • Environment Variables: Always store your keys in secure environment variables, never hardcode them in your source.
  • HTTPS Only: All API requests must be made over TLS 1.2 or higher.