Authentication
All inference requests authenticate with an API key passed as a bearer token:
Authorization: Bearer sk-crustoff-...Create and revoke keys in your dashboard. A key is shown in full once, at creation — we only store a hash, so we can’t recover it later. If you lose it, revoke it and create a new one.
API keys are machine credentials with spending power. Keep them on your server, never in
browser or mobile client code, and never commit them to source control. Use an environment
variable (CRUSTOFF_API_KEY).
Two kinds of credentials
Crustoff has two separate auth planes — don’t mix them up:
| Credential | Used for | Where |
|---|---|---|
sk-crustoff-… API key | The inference API (/v1/*) | Your code / SDKs |
| Dashboard login | Managing keys, credits, usage | crustoff.app/dashboard |
The API key authenticates machines calling the model endpoints. Your dashboard login (email + password) is for humans managing the account, and is never used to call the inference API.
Revoking a key
Revoke from the dashboard. Revocation takes effect within seconds — any app still using the key
will start receiving 401 errors.
Errors
| Status | code | Meaning |
|---|---|---|
401 | missing_api_key | No Authorization header |
401 | invalid_api_key | Unknown key |
401 | inactive_api_key | Key was revoked |
403 | inactive_account | Account is suspended |
See Errors for the full error shape.