New features
Multi-tenant API keys Aether Citadel now supports multiple tenants out of the box. Each tenant gets a uniqueack_live_* API key, and usage is tracked per-tenant. See Authentication.
Self-serve sign-up via Lemon Squeezy
You can now purchase a Citadel Starter or Pro plan directly from aethercitadel.lemonsqueezy.com. Your API key is delivered to your inbox within seconds of checkout — no manual provisioning required.
Tenant usage endpoint
A new GET /v1/tenant/usage endpoint returns your current month’s request count, plan tier, and remaining quota. See the Usage API reference.
Rotate your API key
Compromised key? Rotate it instantly with POST /v1/tenant/rotate-key. The old key is invalidated immediately. See the Rotate Key API reference.
Updates
Per-tenant rate limiting All/v1/* endpoints are now protected by a 100 req/min token bucket. Exceeding the limit returns a clean 429 Too Many Requests so you can back off gracefully.
Request correlation IDs
Every response now includes an X-Request-Id header. Include it when reaching out to support and we can trace your call end-to-end.
Configurable CORS
Browser-based apps can now call the Citadel API directly. Allowed origins are configurable per deployment.
Graceful shutdown and faster timeouts
The API drains in-flight requests on deploy, so you won’t see dropped connections during rolling updates. Connect timeouts are now 5s and request timeouts 30s, preventing hung calls.
SDK retries with backoff
The Dart bridge SDK now retries transient 5xx and network failures up to 3 times with exponential backoff and jitter. 4xx errors still fail immediately.
Stricter input validation
Intent generation now rejects malformed user tokens (empty, too short, too long, non-ASCII, or containing control characters) with a clear 400 before the request hits downstream systems.
Production endpoint live
The API is now serving from https://api.aethercitadel.cloud with HTTPS, security headers, and a public health check at /health.
Bug fixes
- Timing-attack hardening: API key comparison is now constant-time, eliminating a side-channel that could be used to guess keys byte-by-byte.
- AI connector validation: Hardened the AI response path to reject malformed or unexpected output before it reaches your application.