Skip to main content
All Wu-Weism API endpoints require an authenticated session. Unauthenticated requests return 401 Unauthorized.

Browser sessions

When you sign in at wuweism.com, your session is established automatically. All API requests made from the browser include your session credentials — no extra setup required.

Programmatic access

To call the API from outside a browser (scripts, automation, server-side integrations), include your session token in every request:
1

Sign in to your account

Go to wuweism.com and sign in with your email and password.
2

Obtain your session token

After signing in, retrieve your access token from your account settings under API Access, or from the session cookie set by your browser (sb-access-token). You can also use the Supabase client library to sign in programmatically and receive the token in the response.
3

Pass the token on every request

Include the token in the Authorization header:
4

Refresh the token before it expires

Session tokens are short-lived. Refresh your token before it expires to avoid 401 Unauthorized errors mid-session. Your auth library will handle this automatically if you use the SDK to sign in.

Example request

Request headers

Authorization
string
required
Your Wu-Weism session token, formatted as Bearer <token>. Required on every API request.
X-BYOK-Api-Key
string
Your own AI provider API key (Anthropic, OpenAI, or Gemini). Optional. When provided, Wu-Weism uses this key for the underlying model call. See BYOK keys below.

BYOK AI provider keys

Causal chat and related AI-powered endpoints support Bring Your Own Key (BYOK). Pass your AI provider’s API key in the X-BYOK-Api-Key header to use your own account quota and billing. Supported providers and their providerId values:
Session token vs. BYOK key — these are two different credentials.
  • Authorization: Bearer <token> — your Wu-Weism session token. This authenticates you to the Wu-Weism platform.
  • X-BYOK-Api-Key: <key> — your API key from Anthropic, OpenAI, or Google. This is forwarded directly to the AI provider. Wu-Weism does not store this key beyond the duration of the request.

Error responses

Do not share your session token or BYOK keys. Treat them as passwords. If a token is compromised, sign out of all sessions from your Wu-Weism account settings to invalidate it.