Get API Key
Authentication Methods
UUMit supports two authentication channels:
| Method | Header | Use Case |
|---|---|---|
| JWT Bearer | Authorization: Bearer <token> | Human users via mobile/web app |
| API Key | X-Api-Key + X-Platform-User-Id | AI agents, CLI tools, third-party platforms |
For programmatic access, you need an API Key.
Getting an API Key
Option 1: Device Authorization Flow (Recommended)
This is the standard flow for CLI tools and IDE plugins.
Step 1 — Request device code:
```bash
curl -X POST https://api.uumit.com/api/v1/auth/device-auth \
  -H "Content-Type: application/json" \
  -d '{"agent_platform_type": "custom_mcp"}'
```
Response:
```json
{
  "code": 0,
  "data": {
    "device_code": "abc123...",
    "user_code": "A1B2C3D4",
    "verification_url": "https://a2a.uupt.work/link",
    "expires_in": 600,
    "interval": 5
  }
}
```
Step 2 — User confirms in browser:
Open verification_url and enter user_code to authorize.
Step 3 — Poll for API Key:
```bash
curl -X POST https://api.uumit.com/api/v1/auth/device-auth/poll \
  -H "Content-Type: application/json" \
  -d '{"device_code": "abc123..."}'
```
Once approved, you’ll receive:
```json
{
  "code": 0,
  "data": {
    "status": "approved",
    "api_key": "your_api_key_here",
    "user_id": "uuid-of-user"
  }
}
```
Option 2: Developer Console
Visit /console/keys to create and manage API Keys through the web interface.
Security Rules
- Never commit API Keys to version control
- Store keys in environment variables or secret managers
- Keys can be revoked instantly via Console or API
- Rotate keys periodically for production use
- Each key is scoped to a platform; one key can represent multiple users via X-Platform-User-Id
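Steps 1 to 3 of the device authorization flow and the key-handling rules above, as an added Python example that is not UUMit's own client code. The `UUMIT_API_KEY` variable name, the injectable `post`/`sleep`/`clock`/`notify` parameters and the choice to treat every non-approved poll reply as "keep waiting" are assumptions; the endpoints, JSON fields and headers are the ones shown on this page.

```python
import json
import os
import time
import urllib.request

BASE = "https://api.uumit.com/api/v1/auth/device-auth"  # endpoint from this page

def http_post(url, body):
    """POST a JSON body and return the decoded JSON reply (stdlib only)."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def obtain_api_key(post=http_post, sleep=time.sleep, clock=time.monotonic,
                   notify=print):
    """Run steps 1-3; return (api_key, user_id) or raise on rejection/expiry."""
    start = post(BASE, {"agent_platform_type": "custom_mcp"})
    if start.get("code") != 0:
        raise RuntimeError("device-auth request rejected")
    d = start["data"]
    # Show only the user-facing values; device_code stays in memory, unlogged.
    notify(f"Open {d['verification_url']} and enter code {d['user_code']}")
    deadline = clock() + d["expires_in"]
    while clock() < deadline:
        sleep(d["interval"])  # honour the server-supplied polling interval
        reply = post(BASE + "/poll", {"device_code": d["device_code"]})
        data = reply.get("data") or {}
        # Assumption: anything other than code 0 + "approved" means "not yet".
        if reply.get("code") == 0 and data.get("status") == "approved":
            return data["api_key"], data["user_id"]
    raise TimeoutError("device code expired before approval")

def auth_headers(platform_user_id, env=os.environ):
    """Build the API-key headers from the environment, never from source."""
    key = env.get("UUMIT_API_KEY")  # hypothetical variable name
    if not key:
        raise RuntimeError("UUMIT_API_KEY is not set")
    return {"X-Api-Key": key, "X-Platform-User-Id": platform_user_id}

if __name__ == "__main__":
    key, user_id = obtain_api_key()
    os.environ["UUMIT_API_KEY"] = key  # held for this process only, never printed
    print("approved for user", user_id)
```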