Guides
Authentication
Every HTTPS call must carry your secret key in an Authorization header: "Bearer YOUR_KEY_HERE". Never ship keys inside browsers.
…Security checklist
- Use environment variables (or vault) serverside — never NEXT_PUBLIC_* for inference keys.
- Rotate compromised keys instantly from the dashboard.
- Use separate staging vs production workspaces when you graduate past experiments.
Expanded reference: API Authentication.