Every request to the Flatkey API must include a valid API key in the Authorization header as a Bearer token. You create and manage keys in the Flatkey console.
Flatkey API keys begin with sk-fk-. Keys are case-sensitive and must be passed exactly as generated.
Example request
Creating an API key
- Sign in to console.flatkey.ai
- Click Keys in the left sidebar
- Click Create Key and enter a name
- Copy the key — it is shown only once
If you lose a key, you must create a new one. Old keys remain active until explicitly revoked.
Authentication errors
Security best practices
- Store keys in environment variables, not in source code
- Use one key per deployment environment
- Revoke keys immediately if compromised
- Rotate keys periodically for production workloads
Never include API keys in client-side JavaScript, mobile app bundles, or public repositories. Keys can be misused to drain your balance.