Authentication
How to authenticate requests to the Aivene API with an API key.
Every request to the Aivene API must include an API key in the Authorization
header. Keys are issued through the Console and can be revoked any time.
Need an API key?
Generate a new API key from Manage API Keys. Each key has its own scopes and rate limit.
Keys carry spend - not just permissions
Every successful request through a key subtracts dollars from your account balance, and each key can have its own spending cap and rate limit. If you have not yet, read How billing works so you understand what a leaked key (or a runaway loop) can actually cost you.
Bearer token
Header format: Authorization: Bearer <YOUR_API_KEY>.
curl https://api.aivene.com/v1/chat/completions \
-H "Authorization: Bearer $AIVENE_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"model": "gpt-4o-mini",
"messages": [{ "role": "user", "content": "Hello" }]
}'Server-side only
API keys must not be exposed to the browser. Always proxy requests through your own backend. If a key leaks into a public repo, revoke it immediately from Manage API Keys.
Never commit your key
Add .env to .gitignore and store production keys in a secret manager
(Vault, AWS Secrets Manager, Doppler, and so on).
Scopes
Each API key can be scoped to specific endpoints so the blast radius is small if a key ever leaks.
| Scope | Access |
|---|---|
chat:read | Read-only access to chat completions |
chat:write | Can send chat completion requests |
embeddings:write | Generate embeddings |
images:write | Generate images |
Rotation
Best practice: rotate keys every 90 days. Create the new key, deploy it, then revoke the old one so there is no downtime.
Error responses
All auth errors return status 401 with the following body:
{
"error": {
"type": "authentication_error",
"message": "Invalid API key"
}
}| Code | Meaning |
|---|---|
401 | API key invalid or expired |
403 | Key is valid but missing the required scope |
429 | Per-key rate limit exceeded |
Next steps
- Learn about rate limits per tier.
- Configure quotas and alerts from the Console.