Authentication
All API endpoints require authentication using an API key. Keys are passed via the x-api-key header or Authorization: Bearer header.
Using x-api-key Header
curl -X POST http://localhost:3000/api/v1/example \
-H "x-api-key: sk_your_api_key" \
-H "Content-Type: application/json" \
-d '{"input": "test"}'Using Authorization Header
curl -X POST http://localhost:3000/api/v1/example \
-H "Authorization: Bearer sk_your_api_key" \
-H "Content-Type: application/json" \
-d '{"input": "test"}'API Key Security
- API keys are hashed with SHA-256 before storage — we never store your raw key.
- Keys are shown only once at creation time. Store them securely.
- Revoke compromised keys immediately from the dashboard.
- Use different keys for development and production environments.
Rate Limiting
Rate limits depend on your subscription plan. Limits are applied per API key per minute.
| Plan | Requests/Minute | Monthly Quota |
|---|---|---|
| Free | 60 | 1,000 |
| Pro | 300 | 50,000 |
| Scale | 1,000 | 500,000 |
Rate Limit Headers
Every API response includes rate limit information:
| Header | Description |
|---|---|
X-RateLimit-Remaining | Number of requests remaining in the current window |
X-RateLimit-Reset | Unix timestamp when the rate limit window resets |