Apps and Authentication

Every Aomi-powered assistant runs inside an App. This page explains how Apps, API keys, and sessions work together to provide isolated, authenticated access to your AI assistant.

What is an App?

An App is a self-contained AI assistant environment. It encapsulates:

ComponentDescriptionExample
ToolsThe API-backed functions the assistant can callGetTokenPrice, ExecuteTrade
PreambleThe system prompt defining personality and rules"You are the MyCoinDex assistant..."
Model configDefault LLM and available alternativesClaude Sonnet, GPT-4o
RAG docsOptional document store for domain knowledgeMyCoinDex FAQ, API docs

Each App maps to an AomiApp -- the backend construct that bundles these components:

Apps are fully isolated. MyCoinDex's tools and configuration have no visibility into other Apps.

API Keys

API keys are issued by Aomi and scoped to one or more Apps.

Key Properties

PropertyDescription
ScopedEach key authorizes access to specific Apps
Stored securelyKeys are hashed and stored in the database
RevocableKeys can be deactivated without affecting the App

How Keys Are Used

Include the API key in the X-API-Key header on every request. The app query parameter specifies which App to use:

curl -X POST https://api.aomi.dev/api/chat?app=mycoindex \
  -H "X-API-Key: sk-mcd-a1b2c3d4e5f6" \
  -H "X-Session-Id: 550e8400-e29b-41d4-a716-446655440000" \
  -H "Content-Type: application/json" \
  -d '{"text": "What is the price of ETH?"}'

Key Scoping

A single key can authorize multiple Apps:

Key: sk-mcd-a1b2c3d4e5f6
Authorized: ["mycoindex", "mycoindex-staging"]

Or an App can have multiple keys (e.g., production vs. development):

Key: sk-mcd-prod-...  → ["mycoindex"]
Key: sk-mcd-dev-...   → ["mycoindex-staging"]

Authentication Flow

Step by Step

  1. Client sends a request with X-API-Key and X-Session-Id headers.
  2. Backend looks up the API key in the database.
  3. Backend checks if the key authorizes the requested App (from the ?app= query parameter).
  4. If authorized, the request proceeds to the appropriate AomiApp.
  5. If not, the request is rejected with a 401 or 403 status.

Sessions

Sessions represent conversation threads. They are identified by a UUID sent in the X-Session-Id header.

Session Properties

PropertyDescription
IDClient-generated UUID
MessagesFull conversation history
Wallet bindingOptional association with a wallet address (public key)
Processing statusIdle, processing, or interrupted

Session Lifecycle

Sessions are loaded using a three-tier strategy:

  1. Memory cache -- check if the session is already active in memory.
  2. Database -- load persisted session from PostgreSQL.
  3. Create new -- if not found, create a fresh session.

Wallet Binding

Sessions can optionally be associated with a wallet address. This enables:

  • Cross-session context (the assistant knows the user's wallet)
  • Wallet-aware tool calls (portfolio queries scoped to the user)
  • Persistent history tied to a public key
Session: 550e8400-e29b-41d4-a716-446655440000
Wallet:  0x742d35Cc6634C0532925a3b844Bc9e7595f2bD68
Chain:   Ethereum (1)

Default App

Aomi provides a default App that is accessible without an API key. This is useful for:

  • Public demos
  • Evaluation and testing
  • Development before you receive your production key

The default App has general-purpose tools but no custom configuration. For production use, always use a scoped API key with your own App.

Headers Reference

HeaderRequiredDescription
X-API-KeyFor non-default AppsYour Aomi API key
X-Session-IdYesUUID identifying the conversation session
Content-TypeFor POST requestsapplication/json

Next Steps

  • API Reference -- full endpoint documentation with request/response formats.
  • Sessions -- deep dive into session management, threads, and persistence.
  • Quickstart -- get a working integration in 5 minutes.

On this page