API Authentication Guide
Secure your API calls with proper authentication methods.
Proper authentication is essential for securing your API calls. This guide covers all authentication methods supported by our platform.
API Keys
API keys are the simplest authentication method. Include your key in the request header: ``` Authorization: Bearer YOUR_API_KEY ```
Generating API Keys
1. Log into your dashboard 2. Navigate to Settings > API Keys 3. Click 'Generate New Key' 4. Store the key securely - it won't be shown again
OAuth 2.0
For applications acting on behalf of users, we support OAuth 2.0:
- •Authorization Code flow for web apps
- •PKCE extension for mobile/SPA apps
- •Client Credentials for server-to-server
Security Best Practices
- Never expose API keys in client-side code
- •Rotate keys periodically
- •Use environment variables
- •Implement key scoping for minimal permissions
- •Monitor API usage for anomalies
Rate Limiting
Authentication is tied to rate limits:
- •Free tier: 100 requests/minute
- •Pro tier: 1000 requests/minute
- •Enterprise: Custom limits
Error Handling
Common authentication errors:
- •401 Unauthorized: Invalid or missing API key
- •403 Forbidden: Valid key but insufficient permissions
- •429 Too Many Requests: Rate limit exceeded
Testing Authentication
Test your authentication setup with: ```bash curl -H 'Authorization: Bearer YOUR_KEY' \ https://api.1.ml/v1/models ```