All requests to the llm.kiwi API must be authenticated using an API key. This ensures secure access and provides reliable usage tracking for your account.
API Keys
Your API keys are the primary way to authenticate with llm.kiwi. You can manage your keys in the Developer Dashboard.
Keep your API keys confidential. Do not share them in public repositories, client-side code, or insecure environments.
sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Using Your API Key
Include your API key in the Authorization header of every HTTP request.
The API uses the standard Bearer token authentication scheme.
Authorization: Bearer YOUR_API_KEY
Examples
curl https://api.llm.kiwi/v1/chat/completions \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"model": "default",
"messages": [{"role": "user", "content": "Hello!"}]
}'
Security Best Practices
To keep your account and data secure, follow these industry-standard security practices:
- Environment Variables: Never hardcode API keys. Use
.env files or secret management systems.
- Server-Side Only: Access the API from your backend. Client-side requests expose your key to users.
- Key Rotation: Delete and regenerate keys periodically to minimize the impact of potential leaks.
- Scoped Access: Use different keys for development, staging, and production environments.
Authentication Errors
If there is an issue with your credentials, the API will return a 401 Unauthorized response.
| Error Code | Description |
|---|
invalid_api_key | The key provided is not recognized by the system. |
expired_api_key | The API key has reached its expiration date or has been revoked. |
missing_api_key | No key was provided in the Authorization header. |
