Skip to main content
To call your Endprompt endpoints, you need an API key. This page covers creating, managing, and using API keys securely.

Creating an API Key

1

Navigate to API Keys

Click API Keys in the sidebar.
2

Click Create API Key

Click the Create API Key button.
3

Name Your Key

Give it a descriptive name:
  • Production - Web App
  • Development - Local
  • CI/CD Pipeline
4

Copy the Key

Copy the displayed key immediately. You won’t see it again!
API keys are shown only once at creation. Store them securely immediately. If you lose a key, create a new one.

Using Your API Key

Include your API key in the x-api-key header: 
curl -X POST https://yourcompany.api.endprompt.ai/api/v1/summarize \
  -H "Content-Type: application/json" \
  -H "x-api-key: ep_live_xxxxxxxxxxxxxxxxxxxx" \
  -d '{"text": "Your content here"}'

API Key Format

Endprompt API keys follow a consistent format: 
ep_live_xxxxxxxxxxxxxxxxxxxx
│  │    └── Random characters
│  └── Environment (live/test)
└── Prefix

Managing API Keys

Viewing Keys

The API Keys page shows:
ColumnDescription
NameYour descriptive name
CreatedWhen the key was created
Last UsedMost recent API call
StatusActive or Revoked
For security, you cannot view the full key after creation. Only the last 4 characters are shown.

Revoking Keys

If a key is compromised:
  1. Go to API Keys
  2. Find the key to revoke
  3. Click Revoke
  4. Confirm the action
Revoking a key immediately invalidates it. Any applications using that key will start receiving 401 errors.

Rotating Keys

Best practice is to rotate keys periodically:
1

Create New Key

Create a new API key with a similar name.
2

Update Applications

Deploy the new key to your applications.
3

Verify

Confirm the new key works correctly.
4

Revoke Old Key

Revoke the previous key.

Security Best Practices

Never Expose Keys

Don’t commit keys to git or expose in client-side code

Use Environment Variables

Store keys in env vars, not hardcoded

Rotate Regularly

Create new keys and revoke old ones periodically

Use Separate Keys

Different keys for dev, staging, production

Environment Variables

Store your API key in environment variables: 
ENDPROMPT_API_KEY=ep_live_xxxxxxxxxxxxxxxxxxxx

Key Naming Convention

Use descriptive names that identify:
  • Environment (Production, Staging, Development)
  • Application or service name
  • Purpose
Examples:
  • Production - Main API
  • Staging - Integration Tests
  • Development - Local Testing
  • CI/CD - GitHub Actions

Authentication Errors

401 Unauthorized

{
  "error": "unauthorized",
  "message": "Invalid or missing API key"
}
Causes:
  • Missing x-api-key header
  • Invalid API key
  • Revoked API key
Solutions:
  • Verify the header name is exactly x-api-key
  • Check for typos in the key
  • Confirm the key is active in your dashboard

403 Forbidden

{
  "error": "forbidden",
  "message": "Access denied to this endpoint"
}
Causes:
  • Key doesn’t have access to the endpoint
  • Endpoint is internal/private

Rate Limits Per Key

Each API key has its own rate limits:
LimitDefault
Per Minute60 requests
Per Hour1,000 requests
Per Day10,000 requests
Contact support if you need higher limits for your use case.

Next Steps

Making Requests

Learn the request format

Code Examples

Complete examples in multiple languages