Skip to main content
To call your Endprompt endpoints, you need an API key. This page covers creating, managing, and using API keys securely.

Creating an API Key

1

Navigate to API Keys

Click API Keys in the sidebar.
2

Click Create API Key

Click the Create API Key button.
3

Name Your Key

Give it a descriptive name:
  • Production - Web App
  • Development - Local
  • CI/CD Pipeline
4

Copy the Key

Copy the displayed key immediately. You won’t see it again!
API keys are shown only once at creation. Store them securely immediately. If you lose a key, create a new one.

Using Your API Key

Include your API key in the x-api-key header:

API Key Format

Endprompt API keys follow a consistent format:

Managing API Keys

Viewing Keys

The API Keys page shows:
For security, you cannot view the full key after creation. Only the last 4 characters are shown.

Revoking Keys

If a key is compromised:
  1. Go to API Keys
  2. Find the key to revoke
  3. Click Revoke
  4. Confirm the action
Revoking a key immediately invalidates it. Any applications using that key will start receiving 401 errors.

Rotating Keys

Best practice is to rotate keys periodically:
1

Create New Key

Create a new API key with a similar name.
2

Update Applications

Deploy the new key to your applications.
3

Verify

Confirm the new key works correctly.
4

Revoke Old Key

Revoke the previous key.

Security Best Practices

Never Expose Keys

Don’t commit keys to git or expose in client-side code

Use Environment Variables

Store keys in env vars, not hardcoded

Rotate Regularly

Create new keys and revoke old ones periodically

Use Separate Keys

Different keys for dev, staging, production

Environment Variables

Store your API key in environment variables:

Key Naming Convention

Use descriptive names that identify:
  • Environment (Production, Staging, Development)
  • Application or service name
  • Purpose
Examples:
  • Production - Main API
  • Staging - Integration Tests
  • Development - Local Testing
  • CI/CD - GitHub Actions

Authentication Errors

401 Unauthorized

Causes:
  • Missing x-api-key header
  • Invalid API key
  • Revoked API key
Solutions:
  • Verify the header name is exactly x-api-key
  • Check for typos in the key
  • Confirm the key is active in your dashboard

403 Forbidden

Causes:
  • Key doesn’t have access to the endpoint
  • Endpoint is internal/private

Rate Limits Per Key

Each API key has its own rate limits:
Contact support if you need higher limits for your use case.

Next Steps

Making Requests

Learn the request format

Code Examples

Complete examples in multiple languages

Admin API Keys

Create admin keys for management access and MCP

MCP Server

Connect AI coding tools to Endprompt