Quickstart

To get started, request a key and run a call to confirm successful connection.

  1. Get a key through the Get a Key page

    2. You will be sent an email with a one-time link containing your API key. All keys are free to use until you make more than 100 calls per day. You will be sent an email outlining our pro plans if you reach this limit.

    Get a key
  2. Use the key with your email address to make an API call

    3. Open terminal or your IDE and paste the example API call:

    
  curl --request POST \
  --url 'https://api.scientificmicroservices.com/detectoutliers' \
  --header 'Content-Type: application/json' \
  --header 'email:YOUR_EMAIL' \
  --header 'key:YOUR_KEY' \
  --data '[10.1727,11.9026,7.9209,9.0841,9.8298,11.345,9.6483,8.9257,8.9788,958.9969,11.1933,12.1186,9.5798,10.0861,10.1675,10.2935,11.2547,10.4636,9.6607,9.7316]'

    If everything worked, the command-line displays the information below.

    
    [{"position":9,"value":958.9969}]

    (In this example ,the DetectOutliers algorithm has determined the number in position 9 of the array (starting from 0) to be an outlier, and showed its value as 958.9969. For more information about this endpoint, see the endpoint description).

You’re now ready to use Scientific Microservices APIs.

Working with keys

Scientific Microservices authenticates your API requests using your account’s API key and email address. These are your only two pieces of identifying data.

If a request doesn’t include a valid key/email pair, Scientific Microservices returns an invalid request error.

If a request includes a deleted or expired key, Scientific Microservices returns an authentication error (see ‘Error handling’ to understand these codes better).

Requesting, deleting, and rotating keys

You can use the Get a key page to create, reveal, delete, and rotate API keys.

Rotating a key revokes it and generates a replacement key. You can rotate a key immediately or schedule a key to rotate after a certain time. Rotate a key in scenarios such as the following examples:

  • If you’re in live mode and you lose a key.
  • If a key is compromised, you need to revoke it to block any potentially malicious API requests that might use it.
  • Your policy requires rotating keys at certain intervals.
You can currently rotate your key by submitting a new request on the Get a key page with the email address of the key you want deactivated. The old key will be deactivated and a new key sent to your email address. If you wish to be removed from our records completely, please email info@scientificmicroservices.com

Keep your keys safe

Anyone can use your live API key and email to make any API call on behalf of your account. Keep your keys safe by following the API keys best practices. Secret API keys are a form of account credentials, like a username and password. If bad actors obtain a secret key, they can use it to harm your business.

Scientific Microservices users own the responsibility of keeping API keys safe. If you discover your key has been exposed, ensure you rotate it immediately using our Get a Key page

Protect against compromised API keys

Take the following actions to protect against compromised secret keys:

  • Use secure key management systems (KMS) to store secret keys:

    • When you create a live secret key from the Scientific Microservices site, you’ll only see it one time. Immediately copy the key to a KMS, which handles sensitive information with encryption and access controls. Make sure you don’t leave a copy of the key in the local file.

  • Grant access only to those who need it:

    • Define a clear policy about which users have permission to create, update, or read keys. Limit the access only to those who need it. Audit the access periodically to avoid excess privilege on keys.

  • Don’t share secret keys insecurely:

    • Don’t share keys in emails, chat messages, or customer support messages. Scientific Microservices never asks you for your API key.

  • Don’t store keys in source code repositories (such as GitHub):

    • Fraudulent actors might scan public source repositories for API keys. Even if the source repository is private, it could be shared with team members on their development environments.

  • Don’t embed secret keys in applications:

    • Fraudulent actors can exploit secret keys by matching a certain string pattern in the application. Avoid embedding keys in applications such as client tools, SDKs, and mobile apps.

  • Exercise your ability to roll your API Keys:

    • Defining and exercising a process for rolling keys helps you understand where your keys are being used and prepares your organization in the event your API key is compromised. By having key rolling processes in place, you can respond to a compromised API key event with a minimum of impact on your business.

  • Regular training and updating documentation:

    • Maintain up-to-date documentation about how to handle secret API keys within your organization and host regular training sessions to make sure best practices are followed.

Error Handling

The API uses standard HTTP status codes. Error responses contain a machine-readable code and human-readable message.

Code Status Message Notes
400 invalid_payload "Invalid or missing 'data' field" Check the URL of the api in your request, and that the json data submitted is correctly formed.
401 unauthorized "Invalid API key" Check your key is sourced correctly, and you are subscribed to the API.
429 request_limit "Too many requests" Contact us to subscribe to a Pro or Ultra key
500 internal_error “Internal Server Error” Check content type is ‘application/json’, and the data is a correctly formed json

Rate limits

Plan Requests per minute Requests per month
Free 60 600 (20/day)
Pro 6000 10,000
Ultra 60000 Unlimited

For more information about pricing, see the Get a Key page.

Start Building

An example product page from an online store

Improve your product page

A pile of money next to the Google Ads logo

Reduce your ads budget

A line of manufacturing robots

Protect advanced machinery