Authentication

API Keys

Create and manage your API keys

Create a Key

After logging in, go to the API Keys page and click Create Key to generate a new API Key.

Note

Please copy and save your key immediately after creation. For security reasons, the full key value will not be displayed again after creation. If lost, you need to delete it and create a new one.

Key Format

NexusFlow API Keys uniformly use the sk-air- prefix followed by a random string.

sk-air-a1b2c3d4e5f6g7h8i9j0...

Authentication Method

All protocols can pass the API Key via their native request headers (SDKs handle this automatically). Additionally, the Anthropic protocol also supports the generic Authorization: Bearer header.

Protocol	Native Header	Generic Header
OpenAI	`Authorization: Bearer KEY`	`-`
Anthropic	`x-api-key: KEY`	`Authorization: Bearer KEY`

When using official SDKs, you don't need to worry about header details - the SDK handles them automatically. The generic header is mainly useful when using cURL or custom HTTP clients for unified authentication.

Best Practices

Isolate by Project

Create separate Keys for different projects for easier management and usage tracking.

Rotate Regularly

Periodically delete old Keys and create new ones to reduce exposure risk.

Use Environment Variables

Don't hard-code Keys in your code - use environment variables or key management services.

Handle Leaks

If a Key is leaked, immediately delete it on the key management page and create a new one.

Related Docs

Quick Start

Get started calling AI models in three steps

Multi-Protocol Support

Learn about authentication for each protocol