Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.llmtune.io/llms.txt

Use this file to discover all available pages before exploring further.

Authentication

All API requests use Bearer token authentication with an API key.

Headers

Send your API key in the Authorization header: 
Authorization: Bearer sk_live_your_key_here
Alternatively, some endpoints accept: 
Authorization: your_key_here
The key must be created in the dashboard under API Keys. Keys start with sk_ (e.g. sk_live_...).

Example

curl https://api.llmtune.io/v1/models/MODEL_ID/inference \
  -H "Authorization: Bearer sk_live_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"prompt": "Hello", "maxTokens": 50}'

Security best practices

PracticeDescription
Server-side onlyNever embed API keys in client apps or frontend code. Call the API from your backend and keep the key in env vars or a secret manager.
Rotate keysRotate keys periodically and when someone leaves the team. Create a new key in the dashboard and update your services, then revoke the old key.
Least privilegeUse separate keys per environment (e.g. dev vs production) so a compromise is limited in scope.
No source controlDo not commit keys to Git. Use .env (and add it to .gitignore) or a secrets backend.

Invalid or missing key

  • Missing header — Responses return 401 Unauthorized with a message that a valid API key is required.
  • Invalid key — Same 401; the key may be revoked, malformed, or from another account.
If you see 401, check that the key is correct, active in the dashboard, and sent as Authorization: Bearer sk_....