Skip to main content
Conduit.im

Documentation

Authentication

Learn how to authenticate your API requests with Conduit.im using API keys.

Overview

Conduit.im uses API keys to authenticate requests. Every API request must include a valid API key in the Authorization header as a Bearer token. Requests without a valid key will be rejected with a 401 error.

Getting Your API Key

To create an API key:

  1. Sign in to your Conduit.im dashboard
  2. Navigate to the API Keys section
  3. Click Create New Key
  4. Give your key a descriptive name (e.g., "Production Server" or "Development")
  5. Optionally configure spending limits
  6. Copy the key immediately — it will only be shown once

Important: Your API key is only displayed once when created. If you lose it, you'll need to create a new one. Store it in a secure location immediately.

Using Your API Key

Include your API key in the Authorization header of every request as a Bearer token:

cURL

curl -X POST "https://api.conduit.im/v1/chat/completions" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4",
    "messages": [{"role": "user", "content": "Hello!"}]
  }'

JavaScript

const response = await fetch("https://api.conduit.im/v1/chat/completions", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${process.env.CONDUIT_API_KEY}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    model: "gpt-4",
    messages: [{ role: "user", content: "Hello!" }],
  }),
});

const data = await response.json();
console.log(data.choices[0].message.content);

Python

import os
import requests

response = requests.post(
    "https://api.conduit.im/v1/chat/completions",
    headers={
        "Authorization": f"Bearer {os.environ['CONDUIT_API_KEY']}",
        "Content-Type": "application/json",
    },
    json={
        "model": "gpt-4",
        "messages": [{"role": "user", "content": "Hello!"}],
    },
)

data = response.json()
print(data["choices"][0]["message"]["content"])

API Key Security

Never expose your API key in client-side code. API keys included in frontend JavaScript, mobile apps, or public repositories can be extracted and misused.

Follow these best practices to keep your API keys secure:

  • Store keys in environment variables or a secrets manager, never in source code
  • Use different keys for development and production environments
  • Rotate your keys periodically and revoke any that may have been compromised
  • Make API calls from your server, not directly from the browser
  • Add your .env file to .gitignore

Spending Limits

Each API key can have configurable spending limits to help you control costs and prevent unexpected charges. You can set limits on three intervals:

Daily Limit

Resets every 24 hours

Weekly Limit

Resets every 7 days

Monthly Limit

Resets every 30 days

Tip: Set spending limits on development keys to avoid accidentally running up costs during testing. You can adjust limits anytime from your dashboard.

Error Responses

If authentication fails, you'll receive one of these error responses:

401 Unauthorized

Returned when no API key is provided or the key is invalid.

{
  "error": {
    "message": "Invalid API key provided.",
    "type": "authentication_error",
    "code": "invalid_api_key"
  }
}

403 Forbidden

Returned when the API key is valid but has exceeded its spending limit.

{
  "error": {
    "message": "API key has exceeded its spending limit.",
    "type": "authorization_error",
    "code": "spending_limit_exceeded"
  }
}

Next Steps

Now that you know how to authenticate, explore these resources:

Quick Start

Make your first API call in under 5 minutes

Chat Completions

Learn about the chat completions endpoint

Explore Models

Browse all available models and providers

Best Practices

Tips for production-ready integrations