Skip to main content

Documentation Index

Fetch the complete documentation index at: https://evalgate.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

API authentication — Bearer tokens

Authenticate Evalgate API requests with a Bearer token. Find your key, set env vars, and handle 401 and 403 errors from the REST API.
Every Evalgate API request — except GET /api/mcp/tools — must include a bearer token. The token identifies your account, determines which organization’s data you can access, and enforces the rate limits for your plan tier.

Add the authorization header

Include your API key in the Authorization header on every request: 
curl https://evalgate.com/api/evaluations \
  -H "Authorization: Bearer YOUR_API_KEY"
Requests without this header, or with an invalid key, receive a 401 Unauthorized response.

Get your API key

  1. Open the Developer Dashboard.
  2. Go to Settings → API Keys.
  3. Create a new key or copy an existing one.
Treat your API key like a password. Do not commit it to version control. Store it in an environment variable or secret manager and pass it at runtime.

Environment variables

The TypeScript and Python SDKs read these environment variables automatically:
VariableDescription
EVALGATE_API_KEYYour API key — required for authenticated requests
EVALGATE_ORGANIZATION_IDYour numeric organization ID — used when the SDK constructs requests on your behalf
Set them in your shell or .env file: 
export EVALGATE_API_KEY=your-api-key
export EVALGATE_ORGANIZATION_ID=123
When calling the REST API directly, pass the organization ID in the request body or as a query parameter where the endpoint requires it.

Authentication errors

401 Unauthorized
UNAUTHORIZED
Your request did not include an Authorization header, or the key is invalid, expired, or revoked. Check that you copied the full key and that it has not been deleted in the dashboard.
403 Forbidden
FORBIDDEN / NO_ORG_MEMBERSHIP
Your key is valid but lacks the required permissions for this resource. This can mean the key does not have the necessary scopes, or the key does not belong to the organization that owns the requested resource. NO_ORG_MEMBERSHIP is returned when the authenticated user is not a member of the target organization.
Both errors follow the standard error envelope: 
{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Unauthorized",
    "details": null,
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}

Anonymous endpoint

GET /api/mcp/tools does not require authentication. It returns the list of available MCP tools and their input schemas for any caller. All other MCP endpoints, including POST /api/mcp/call, require a valid bearer token.
If you are integrating Evalgate with an AI agent or IDE assistant via MCP, the tool discovery call is public, but the tool execution call uses your API key. Configure your MCP client with Authorization: Bearer YOUR_API_KEY for execution requests.