Authentication
All API requests require authentication using an API key passed in the Authorization header.
API key format
ApexApi keys are 48-character strings prefixed with ak-. Keys are generated cryptographically and hashed with SHA-256 before storage. We never store your raw key.
ak-1234567890abcdef1234567890abcdef12345678901234ab
Using your API key
Pass your API key in the Authorization header as a Bearer token:
Authorization: Bearer ak-your-key-here
Example request
curl https://api.apexapi.dev/v1/chat/completions \
  -H "Authorization: Bearer ak-your-key-here" \
  -H "Content-Type: application/json" \
  -d '{"model": "openai/gpt-4o", "messages": [{"role": "user", "content": "Hi"}]}'
Key management
Creating keys
Create keys from the dashboard under API Keys. You can create multiple keys and give each a descriptive name (e.g., “production”, “development”). The full key is only shown once at creation time.
Revoking keys
If a key is compromised, revoke it immediately from the dashboard. Revoked keys are rejected instantly. Create a new key to replace it.
Key scoping
Each key is tied to your account. All keys share the same credit balance and rate limits. Use separate keys per environment to track usage and revoke independently.
Security best practices
- Never commit API keys to version control or share them publicly.
- Use environment variables to store keys in your application.
- Use separate keys for development and production environments.
- Rotate keys periodically by creating a new key before revoking the old one.
- Never use API keys in client-side code. Proxy requests through your backend.
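A check that supports the first practice above, added here as an example and not ApexApi's own tooling: a scanner that flags strings shaped like ApexApi keys in files about to be committed and reports them redacted. The character set after the ak- prefix (ASCII letters and digits) is an assumption, since this page states only the prefix and the length, and the function names are illustrative.

```python
import re
import sys
from pathlib import Path

# Assumption: the 48 characters after "ak-" are ASCII letters and digits.
# The page states only the prefix and the length.
KEY_RE = re.compile(r"(?<![A-Za-z0-9])ak-[A-Za-z0-9]{48}(?![A-Za-z0-9])")

# Constructed sample: the documentation's example key next to a placeholder.
SAMPLE = (
    'API_KEY = "ak-1234567890abcdef1234567890abcdef12345678901234ab"\n'
    "Authorization: Bearer ak-your-key-here\n"
)


def redact(key: str) -> str:
    """Show only the start and end so a finding does not leak the key into logs."""
    return key[:7] + "..." + key[-4:]


def scan_text(text: str, source: str = "<text>") -> list[tuple[str, int, str]]:
    """Return (source, line number, redacted key) for each key-shaped string."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            findings.append((source, lineno, redact(match.group())))
    return findings


def scan_paths(paths: list[str]) -> list[tuple[str, int, str]]:
    """Scan each file, skipping any that cannot be read."""
    findings = []
    for name in paths:
        try:
            text = Path(name).read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue
        findings.extend(scan_text(text, name))
    return findings


if __name__ == "__main__":
    # As a pre-commit hook, pass staged file names; with no arguments, scan SAMPLE.
    args = sys.argv[1:]
    hits = scan_paths(args) if args else scan_text(SAMPLE, "<sample>")
    for source, lineno, key in hits:
        print(f"{source}:{lineno}: possible ApexApi key {key}", file=sys.stderr)
    sys.exit(1 if hits else 0)
```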
Authentication errors
If your key is missing, invalid, or revoked, the API returns a 401 status:
{
  "error": {
    "type": "authentication_error",
    "message": "Invalid API key provided.",
    "code": "invalid_api_key"
  }
}