Authentication

Every public API request must include an API key in the Authorization header.

Authorization: Bearer sk-your-api-key

Security requirements

Store API keys on your backend only.
Never expose API keys in frontend code.
Rotate keys if they are leaked.
Use separate keys for separate applications or environments.

API key page

Users can create and manage keys here:

Open the API Keys page, then click Create API Key.

Failed authentication

If the key is missing, invalid, or disabled, the API returns:

{
  "code": 401,
  "msg": "authentication failed",
  "data": null
}

Key storage

New keys are stored with a hash and key prefix. Existing legacy keys remain compatible.

Getting Started

Make your first API request with an API key.

Create Task

Create an asynchronous image or video generation task.

On this page

Header Security requirements API key page Failed authentication Key storage