Skip to main content
Every request to the Flatkey API must include a valid API key in the Authorization header as a Bearer token. You create and manage keys in the Flatkey console.

Header format

Flatkey API keys begin with sk-fk-. Keys are case-sensitive and must be passed exactly as generated.

Example request

Creating an API key

  1. Sign in to console.flatkey.ai
  2. Click Keys in the left sidebar
  3. Click Create Key and enter a name
  4. Copy the key — it is shown only once
If you lose a key, you must create a new one. Old keys remain active until explicitly revoked.

Authentication errors

Error response format

Security best practices

  • Store keys in environment variables, not in source code
  • Use one key per deployment environment
  • Revoke keys immediately if compromised
  • Rotate keys periodically for production workloads
Never include API keys in client-side JavaScript, mobile app bundles, or public repositories. Keys can be misused to drain your balance.