Architecture Overview
Picsha AI is designed from the ground up for Serverless, Agentic, and Headless architectures. Understanding how we securely pool and isolate your media is critical.
The Organization (Workspace)
When you create an account on Picsha AI, you are placed into a default Personal Account. From there, you can optionally create or join dedicated Organizations for team collaboration.
- All uploaded media assets, intelligent search vectors, and facial recognition databases are strictly bound to the active Organization context.
- You can seamlessly switch between your Personal Account and Organizations using the dashboard switcher.
API Keys: Publishable vs Secret
Some platforms map API Keys to isolated "Sub-Environments" (like Dev/Staging). Picsha does not. Instead, keys are bound directly to your Organization Workspace, eliminating the headache of duplicating assets across environments and encouraging a single unified DAM (Digital Asset Manager).
Because of this, it is critical to use the correct key type:
- Secret Keys (
sk_live_...): These are your full Organization passwords. They grant unrestricted read, write, and administrative (hard delete) privileges. Never expose this key in frontend code. - Publishable Keys (
pk_live_...): These are safe to embed in frontend applications (like the React SDK). They are strictly scoped for read-only delivery and pre-authorized uploads, ensuring clients cannot delete assets or manipulate billing settings.
The AI Metadata Layer
Every image pushed through Picsha is piped asynchronously to AWS Rekognition and Amazon Bedrock.
- Text detected in images is vectorized natively.
- Object boundaries, facial bounding boxes, and EXIF camera models are extracted recursively.
- The resulting vector embeddings are stored seamlessly in AWS OpenSearch, allowing your frontend users (or AI Agents) to search your library semantically.