Use API Keys in Clients

Clients to the Private AI Services Container must send a valid API key if the service has PRIVATE_AI_AUTHENTICATION_ENABLED set to true.

The following command shows how clients can make API requests to prevent an "invalid API key" error:

curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Authorization: Bearer [API_KEY]' -d '{ \
  "model": "all_minilm_v6",
  "input": [ \
      "The quick brown fox jumped over the fence.", \
      "Another test sentence" \
  ] \
}' http://localhost:9091/v1/embeddings

You can then configure the database to use the API key to communicate with the Private AI Services Container. A user with the CREATE CREDENTIAL privilege can create a credential using the CREATE CREDENTIAL helper procedure of the DBMS_VECTOR PL/SQL package.

Note that the value of access_token in the following command is for example purposes. In practice the value should exactly match the API Key used by the container.

declare
  jo json_object_t;
begin
  jo := json_object_t();
  jo.put('access_token', 'A1Aa0abA1AB1a1Abc123ab1A123ab123AbcA12a');
  dbms_vector.create_credential(
    credential_name   => 'PRIVATEAI_CRED',
    params            => json(jo.to_string));
end;
/

Once the credential is created, it can be added as part of the call to UTL_TO_EMBEDDING.

-- declare embedding parameters

var params clob;

begin
 :params := '
{ 
  "provider": "privateai",
  "credential_name": "PRIVATEAI_CRED", 
  "url": "https://hostname:8443/v1/embeddings",
  "model": "all-mpnet-base-v2"
}';
end;
/

-- Get the embeddings
select dbms_vector.utl_to_embedding('Hello world', json(:params)) from dual;