Skip to main content

Model APIs — API key

Every request to /v1/* must include:
Create keys in Console → API Keys. Use live keys in production and test keys for development.

Scopes

Keys are issued with scopes such as runs:write and runs:read. Endpoints enforce required scopes.

Console APIs — bearer token

Console endpoints (/console/v1/*) use the JWT from login:
Obtain tokens via POST /console/v1/auth/login or OAuth. Use Console APIs for dashboard-style management, not for high-volume inference.

Security

  • Never expose API keys in client-side code
  • Rotate keys periodically
  • Revoke compromised keys immediately in the Console