Skip to main content
Flatkey authenticates every API request using an API key passed in the Authorization header as a Bearer token. You create and manage your keys in the Flatkey console — there is no OAuth flow or session management required.

Creating an API key

1

Open the Keys page

Log in to console.flatkey.ai and click Keys in the left sidebar.
2

Click Create Key

Give your key a descriptive name (e.g., production-app, staging, personal-testing). Names are for your reference only.
3

Copy the secret immediately

The full key is shown only once at creation. Copy it and store it in a secure location — a password manager, a secrets manager, or an environment variable. If you lose it, you must create a new key.
Never commit API keys to source control or include them in client-side code. Use environment variables or a secrets manager like AWS Secrets Manager, HashiCorp Vault, or Doppler.

Using your API key

Pass your key in the Authorization header on every request:

With the OpenAI SDK

The OpenAI Python and Node.js SDKs accept the key via the api_key / apiKey constructor parameter:

With the Anthropic SDK

If you use the Anthropic Python SDK, set base_url to https://router.flatkey.ai/v1 and pass your Flatkey key via the auth_token constructor parameter:

With curl

Authentication errors

Managing keys

  • Multiple keys: You can create as many keys as you like — one per environment (dev, staging, prod), or one per team member.
  • Revoking keys: Click the trash icon next to any key in the Keys page. Revocation is immediate.
  • No key expiry: Keys do not expire automatically. Rotate them regularly as a security best practice.
Use one API key per deployment environment. If a key is ever compromised, you can revoke just that one without affecting your other environments.

Environment variable setup

The recommended way to pass your key is via an environment variable:
Or in a .env file (ensure .env is in .gitignore):
.env