Authentication
All API requests require authentication using an API key.
API Keys
API keys are used to authenticate requests. You can create and manage your API keys in the dashboard.
Key Format
All API keys start with sk_live_ followed by a unique identifier. Used for production.
sk_live_a1b2c3d4e5f6g7h8i9j0...Using Your API Key
Include your API key in the Authorization header with the Bearer prefix:
1Authorization: Bearer YOUR_API_KEY1curl https://api.deepcreativelabs.com/v1/account \
2 -H "Authorization: Bearer YOUR_API_KEY"Code Examples
Here's how to use your API key in different programming languages:
cURL
1curl https://api.deepcreativelabs.com/v1/black-forest-labs/flux-kontext-max/predictions \
2 -H "Authorization: Bearer YOUR_API_KEY" \
3 -H "Content-Type: application/json" \
4 -d '{
5 "model": "flux-kontext-max",
6 "input": {
7 "prompt": "A serene Japanese garden"
8 }
9 }'Node.js / JavaScript
1const apiKey = process.env.DEEPCREATIVE_API_KEY;
2
3const response = await fetch('https://api.deepcreativelabs.com/v1/black-forest-labs/flux-kontext-max/predictions', {
4 method: 'POST',
5 headers: {
6 'Authorization': `Bearer ${apiKey}`,
7 'Content-Type': 'application/json'
8 },
9 body: JSON.stringify({
10 input: { prompt: 'A serene Japanese garden' }
11 })
12});
13
14const data = await response.json();Python
1import os
2import requests
3
4api_key = os.getenv('DEEPCREATIVE_API_KEY')
5
6response = requests.post(
7 'https://api.deepcreativelabs.com/v1/black-forest-labs/flux-kontext-max/predictions',
8 headers={
9 'Authorization': f'Bearer {api_key}',
10 'Content-Type': 'application/json'
11 },
12 json={
13 'input': {'prompt': 'A serene Japanese garden'}
14 }
15)
16
17data = response.json()Security Best Practices
Never expose your API key
- Don't commit API keys to version control (use .gitignore)
- Don't include API keys in client-side code or mobile apps
- Don't share API keys in public forums or support tickets
- Don't log API keys in application logs
✓ Do this instead
- Store API keys in environment variables
- Use a secrets manager in production (AWS Secrets Manager, HashiCorp Vault)
- Make API calls from your backend server only
- Rotate API keys periodically
- Use HTTPS for all API requests
- Monitor API usage for suspicious activity
Environment Variables
We recommend storing your API key in an environment variable:
1DEEPCREATIVE_API_KEY=YOUR_API_KEY1const apiKey = process.env.DEEPCREATIVE_API_KEY;
2
3const response = await fetch('https://api.deepcreativelabs.com/v1/predictions', {
4 headers: {
5 'Authorization': `Bearer ${apiKey}`
6 }
7});Key Limits & Quotas
Each API key has associated limits and permissions:
| Property | Description |
|---|---|
| credits_balance | Available credit balance for this key |
| rate_limit_per_minute | Maximum requests per minute (default: 60) |
| concurrent_limit | Maximum concurrent predictions (default: 5) |
| daily_limit | Optional daily spending limit |
Error Responses
When authentication fails, the API returns error responses with specific codes:
401 Unauthorized
Returned when the API key is missing, invalid, or malformed.
{
"error": {
"type": "authentication_error",
"message": "Invalid API key provided",
"code": "invalid_api_key"
}
}403 Forbidden
Returned when the API key is valid but lacks permission for the requested resource.
{
"error": {
"type": "permission_error",
"message": "Your API key does not have permission to access this resource",
"code": "insufficient_permissions"
}
}API Key Management
Creating API Keys
Create and manage your API keys from the API Keys settings page. You can create multiple keys for different environments or applications.
Revoking Keys
If you believe your API key has been compromised, immediately revoke it from the API Keys settings and create a new one. Revoked keys are invalidated immediately and cannot be restored.
Key Rotation
For enhanced security, rotate your API keys regularly. Create a new key, update your applications to use it, then revoke the old key once the transition is complete.