Authentication

All MetoSim API endpoints (except /health and /metrics) require authentication via API key.

Getting an API Key

Sign up at metosim.com
Navigate to Dashboard → API Keys
Click Generate New Key
Copy the key — it's only shown once

Keys are prefixed with mts_ for easy identification.

Using Your Key

HTTP Header (all requests)

Authorization: Bearer mts_your_api_key_here

curl example

curl -X POST https://api.metosim.io/v1/simulations \
  -H "Authorization: Bearer mts_abc123def456" \
  -H "Content-Type: application/json" \
  -d '{"solver": "fdtd", ...}'

Python SDK

# Option 1: Direct
client = metosim.MetoSimClient(api_key="mts_abc123def456")

# Option 2: Environment variable
export METOSIM_API_KEY=mts_abc123def456

client = metosim.MetoSimClient()  # auto-reads env var

Security

Keys are stored as SHA-256 hashes — we never see your plaintext key after generation
All API traffic is encrypted with TLS 1.3
Keys can be revoked instantly from the dashboard
Failed auth returns 401 with no information leakage

Error Responses

Missing key:

// 401 Unauthorized
{
  "detail": "API key required. Include 'Authorization: Bearer <key>' header."
}

Invalid key:

// 401 Unauthorized
{
  "detail": "Invalid API key format."
}

Best Practices

Store keys in environment variables, never in source code
Use separate keys for development and production
Rotate keys periodically
Revoke compromised keys immediately

Getting an API Key​

Using Your Key​

HTTP Header (all requests)​

curl example​

Python SDK​

Security​

Error Responses​

Best Practices​

Getting an API Key

Using Your Key

HTTP Header (all requests)

curl example

Python SDK

Security

Error Responses

Best Practices