Authentication

All API requests use Bearer token authentication with an API key.

Headers

Send your API key in the Authorization header:

Authorization: Bearer sk_live_your_key_here

Alternatively, some endpoints accept:

Authorization: your_key_here

The key must be created in the dashboard under API Keys. Keys start with sk_ (e.g. sk_live_...).

Example

curl https://api.llmtune.io/v1/models/MODEL_ID/inference \
  -H "Authorization: Bearer sk_live_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"prompt": "Hello", "maxTokens": 50}'

Security best practices

Practice	Description
Server-side only	Never embed API keys in client apps or frontend code. Call the API from your backend and keep the key in env vars or a secret manager.
Rotate keys	Rotate keys periodically and when someone leaves the team. Create a new key in the dashboard and update your services, then revoke the old key.
Least privilege	Use separate keys per environment (e.g. dev vs production) so a compromise is limited in scope.
No source control	Do not commit keys to Git. Use `.env` (and add it to `.gitignore`) or a secrets backend.

Invalid or missing key

Missing header — Responses return 401 Unauthorized with a message that a valid API key is required.
Invalid key — Same 401; the key may be revoked, malformed, or from another account.

If you see 401, check that the key is correct, active in the dashboard, and sent as Authorization: Bearer sk_....

Overview

Inference

Agent

Fine-tuning

Billing & errors

Authentication

Authentication

Headers

Example

Security best practices

Invalid or missing key

Overview

Inference

Agent

Fine-tuning

Billing & errors

​Authentication

​Headers

​Example

​Security best practices

​Invalid or missing key

Authentication

Headers

Example

Security best practices

Invalid or missing key