Model APIs — API key
Every request to/v1/* must include:
live keys in production and test keys for development.
Scopes
Keys are issued with scopes such asruns:write and runs:read. Endpoints enforce required scopes.
Console APIs — bearer token
Console endpoints (/console/v1/*) use the JWT from login:
POST /console/v1/auth/login or OAuth. Use Console APIs for dashboard-style management, not for high-volume inference.
Security
- Never expose API keys in client-side code
- Rotate keys periodically
- Revoke compromised keys immediately in the Console