Authentication

How to authenticate your API requests.

Bearer Token Authentication

All API requests require a Bearer token in the Authorization header. Generate your API key from the API Keys page.

Required Headers

Name	Type	Required	Description
`Authorization`	string	Required	Bearer token: "Bearer YOUR_API_KEY"
`Content-Type`	string	Required	"application/json" for POST/PUT requests

Key Lifecycle

API keys follow a simple generate → use → revoke lifecycle:

Keys are shown once at generation time — store them securely
Only one key can be active per account
Generating a new key automatically revokes the previous one
Revoked keys return 401 immediately

Authentication Errors

If you receive a 401 error, verify that your API key is correct and has not been revoked. A 403 error means your credit balance is empty — check via GET /usage.

Security Best Practices

Never commit API keys to version control. Use environment variables to store your key. Rotate your key periodically by generating a new one from the API Keys page.