Skip to main content

API Key Authentication

GPTProto API uses Bearer token authentication. All API requests must include your API key in the Authorization header.

Getting Your API Key

  1. Sign up for a GPTProto account at https://gptproto.com
  2. Navigate to the API Keys section in your dashboard
  3. Generate a new API key
  4. Copy and securely store your API key
Keep Your API Key Secure
  • Never commit API keys to version control
  • Don’t share your API key publicly
  • Use environment variables to store keys
  • Rotate keys regularly for enhanced security

Making Authenticated Requests

Include your API key in the Authorization header with the Bearer prefix: 
curl https://gptproto.com/v1/chat/completions \
  -H "Authorization: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o",
    "messages": [{"role": "user", "content": "Hello"}]
  }'

Environment Variables

Store your API key in environment variables instead of hardcoding it: 
export GPTPROTO_API_KEY="your-api-key-here"

Using .env Files

For local development, use a .env file: 
# Install python-dotenv: pip install python-dotenv
from dotenv import load_dotenv
import os

load_dotenv()
api_key = os.getenv("GPTPROTO_API_KEY")
Always add .env to your .gitignore file to prevent accidentally committing secrets.

Authentication Errors

Common Error Responses

401 Unauthorized
error
Your API key is missing or invalid.
{
  "error": {
    "message": "Invalid authentication credentials",
    "type": "invalid_request_error",
    "code": "invalid_api_key"
  }
}
403 Forbidden
error
Your API key doesn’t have permission to access this resource.
{
  "error": {
    "message": "You do not have access to this resource",
    "type": "permission_error",
    "code": "insufficient_permissions"
  }
}
429 Too Many Requests
error
You’ve exceeded your rate limit.
{
  "error": {
    "message": "Rate limit exceeded",
    "type": "rate_limit_error",
    "code": "rate_limit_exceeded"
  }
}

Best Practices

Always store API keys in environment variables, never in your source code.
Regularly rotate your API keys to minimize security risks. Generate new keys and update your applications before revoking old ones.
Use separate API keys for development, staging, and production environments.
Regularly check your API usage in the dashboard to detect any unusual activity.
Implement client-side rate limiting to avoid hitting API rate limits.

API Key Management

Generating New Keys

  1. Log in to your dashboard
  2. Navigate to API Keys
  3. Click Generate New Key
  4. Give your key a descriptive name
  5. Copy the key immediately (you won’t be able to see it again)

Revoking Keys

If you suspect your API key has been compromised:
  1. Go to your dashboard
  2. Find the compromised key in the API Keys section
  3. Click Revoke
  4. Generate a new key and update your applications
Set up key expiration policies to automatically rotate keys after a specified period.

Support

If you’re experiencing authentication issues:
  • Check that your API key is correctly formatted
  • Verify your key hasn’t been revoked
  • Ensure you’re using the correct API endpoint
  • Contact [ [email protected]](mailto: [email protected]) for help