Authentication
Every API request authenticates with a Bearer key. Keys are created in the dashboard and start with sk_live_.
The header
Authorization: Bearer sk_live_8c1f4a2e9b7d3f6a
For quick GET tests you can also pass ?api_key=sk_live_… as a query parameter — but prefer the header so keys never land in server logs or browser history.
Key lifecycle
- Shown once. The full key appears exactly once at creation. We store only a hash — if you lose it, regenerate.
- Regenerate revokes the old key and issues a new one atomically — calls with the old key fail immediately with 401.
- Multiple keys (Pro: 3, Scale: 10) let you split environments or clients; all keys share the account quota.
- Same key everywhere — REST today, the MCP server the day it ships.
Rate limits
Each key is limited to your plan's requests/second (1 / 5 / 10 / 20). Past the limit you get 429 rate_limited with a Retry-After header — wait that long and retry. Monthly quota is separate; see Errors for quota_exceeded.
Auth failures
401 · application/json
{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or revoked API key."
  }
}
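A client-side sketch of the rules above, added here as an example and not taken from the API's own SDK: it sends the key only in the Authorization header, waits out a 429 using Retry-After, and stops immediately on a 401. The names `build_request`, `retry_delay`, `call` and `AuthError`, the 60-second cap, and the reading of Retry-After as a number of seconds are assumptions.

```python
import time
import urllib.error
import urllib.request


class AuthError(Exception):
    """401 unauthorized: the key is invalid or was revoked."""


def build_request(url, api_key):
    # Keys start with sk_live_; reject anything else before it is sent.
    if not api_key.startswith("sk_live_"):
        raise ValueError("expected a key starting with sk_live_")
    # Refuse the ?api_key= form so the key never reaches logs or history.
    if "api_key=" in url:
        raise ValueError("send the key in the Authorization header, not the URL")
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {api_key}"})


def retry_delay(headers, default=1.0, cap=60.0):
    # Assumption: Retry-After carries a number of seconds. The cap keeps a
    # malformed or hostile value from stalling the caller indefinitely.
    try:
        delay = float((headers or {}).get("Retry-After", default))
    except (TypeError, ValueError):
        delay = default
    return min(max(delay, 0.0), cap)


def call(url, api_key, opener=urllib.request.urlopen, sleep=time.sleep, max_attempts=4):
    req = build_request(url, api_key)
    for attempt in range(max_attempts):
        try:
            with opener(req) as resp:
                return resp.read()
        except urllib.error.HTTPError as err:
            if err.code == 401:
                # Retrying a revoked key cannot succeed; surface it at once.
                raise AuthError("invalid or revoked API key") from None
            if err.code != 429 or attempt == max_attempts - 1:
                raise
            sleep(retry_delay(err.headers))
```

The `opener` and `sleep` parameters exist so the retry logic can be exercised without network access or real delays.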