Authentication
All API requests require authentication using an API key.
API Keys
API keys are created in your dashboard. Each key starts with sk- and should be kept secret.
sk-a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0...
Using Your API Key
Include your API key in the Authorization header:
Authorization: Bearer YOUR_API_KEYSecurity Best Practices
✓
Keep keys secret
Never commit API keys to version control or expose them in client-side code.
✓
Use environment variables
Store API keys in environment variables, not in your source code.
✓
Rotate keys regularly
Create new keys and revoke old ones periodically for better security.
✓
Use separate keys
Create different keys for development, staging, and production environments.
Authentication Errors
| Code | Error | Description |
|---|---|---|
401 | invalid_api_key | API key is missing or invalid |
401 | expired_api_key | API key has expired |
429 | rate_limit_exceeded | Too many requests. See rate limits. |