Authentication
All API endpoints require authentication using an API key in the X-API-Key header.
Headers
Every request to the API must include the following header:
X-API-Key: YOUR_API_KEY
Example Request
curl -X GET https://orchestrator.helloblair.com/api/v1/calls \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json"
Getting an API Key
- Log in to app.helloblair.com
- Navigate to Settings (click your profile at the bottom left) → API Keys
- Generate a new API key for your organization
- Store the key securely - it won't be shown again
Security Best Practices
- Never expose API keys in client-side code (browser JavaScript, mobile apps)
- Store keys in environment variables or secure key management systems
- Rotate keys regularly for enhanced security
- Use different keys for development, staging, and production environments
Error Response
Authentication failures return:
{
"statusCode": 401,
"message": "Invalid API key",
"error": "Unauthorized"
}
Troubleshooting
If you receive a 401 Unauthorized error:
- Verify your API key is correctly copied and included in the X-API-Key header
- Check the endpoint URL is correct (https://orchestrator.helloblair.com/api/v1/...)
- Confirm your API key hasn't been revoked in the settings
- Test with a simple endpoint like GET /api/v1/patients to isolate the issue
Important Notes
- API keys grant full access to all resources in your organization
- API keys are tied to organizations, not individual users
- Each organization can have multiple API keys