Authorization header of every request.
API Key Format
VoidAI API keys follow this format:Making Authenticated Requests
Include your API key in theAuthorization header using the Bearer token scheme:
Managing API Keys
You can create and manage multiple API keys from your dashboard. Each key can be:- Named for easy identification (e.g., “Production”, “Development”)
- Enabled/Disabled without deletion
- Deleted permanently when no longer needed
Environment Variables
We recommend storing your API key in an environment variable:Authentication Errors
| Error Code | Description |
|---|---|
MISSING_HEADER | No Authorization header provided |
INVALID_FORMAT | Header format is incorrect (must be Bearer <token>) |
INVALID_KEY | The API key does not exist or is incorrect |
ACCOUNT_DISABLED | Your account has been disabled |
IP_ACCESS_DENIED | Request IP is not in your allowlist |
Example Error Response
IP Allowlisting
For enhanced security, you can restrict API access to specific IP addresses from your dashboard. When enabled, requests from non-allowlisted IPs will be rejected.IP allowlisting is optional. If no IPs are configured, requests from any IP address will be accepted.
Best Practices
Use environment variables
Use environment variables
Never hardcode API keys in your source code. Use environment variables or secure secret management systems.
Rotate keys regularly
Rotate keys regularly
Periodically regenerate your API keys, especially for production environments.
Use separate keys for environments
Use separate keys for environments
Create different API keys for development, staging, and production environments.
Monitor usage
Monitor usage
Regularly check your dashboard for unusual activity or unexpected usage patterns.