All API requests require authentication using a Bearer token in the Authorization header.
Getting Your API Key
Visit the Gateway Console to generate your API key. Keys are in the format sk-xxxxxxxxxx.
Using Your API Key
Include the Authorization header in every request:
Authorization: Bearer sk-your-api-key-here
Example with cURL
curl https://gateway.iotex.ai/v1/chat/completions \
-H "Authorization: Bearer sk-your-api-key-here" \
-H "Content-Type: application/json" \
-d '{"model": "gemini-2.5-flash", "messages": [{"role": "user", "content": "Hello"}]}'
Example with OpenAI SDK
from openai import OpenAI
client = OpenAI(
api_key="sk-your-api-key-here",
base_url="https://gateway.iotex.ai/v1"
)
Security Best Practices
Never expose your API key in client-side code (browser JavaScript, mobile apps, etc.). Always route requests through a backend server.
- Use environment variables to store your API key — never hardcode it in source files
- Rotate your key regularly through the Gateway Console
- Use separate keys for different environments (development, staging, production)
- Monitor usage in the console to detect any unauthorized access
