Authentication

Secure your Korad.AI API requests with proper authentication.

API Keys

Korad.AI uses API keys for authentication. Your key starts with sk-korad-:

sk-korad-xxxxxxxxxxxxxxxxxxxxxxxx

Getting Your API Key

Sign up at korad.ai/dashboard
Your API key is automatically generated
Copy it from the dashboard

Using Your API Key

Method 1: x-api-key Header (Recommended)

curl https://api.korad.ai/v1/messages \
  -H "x-api-key: sk-korad-YOUR-KEY" \
  -H "anthropic-version: 2023-06-01" \
  -H "content-type: application/json" \
  -d '...'

Method 2: Authorization Bearer Header

curl https://api.korad.ai/v1/messages \
  -H "Authorization: Bearer sk-korad-YOUR-KEY" \
  -H "anthropic-version: 2023-06-01" \
  -H "content-type: application/json" \
  -d '...'

Method 3: Environment Variable (SDKs)

export ANTHROPIC_API_KEY="sk-korad-YOUR-KEY"
export ANTHROPIC_BASE_URL="https://api.korad.ai/v1"

Then use the SDK normally:

import anthropic

client = anthropic.Anthropic()  # Reads from env vars

Security Best Practices

1. Never Commit API Keys

Security Risk

Never commit API keys to git. Use environment variables or secret management.

# .gitignore
.env
*.key
secrets.txt

2. Rotate Keys Regularly

Generate a new key from the dashboard and update your applications:

# In dashboard: Generate new key
# Update your application
# Old key expires automatically after 7 days

3. Use Different Keys for Different Environments

# Development
export ANTHROPIC_API_KEY="sk-korad-dev-..."

# Staging
export ANTHROPIC_API_KEY="sk-korad-staging-..."

# Production
export ANTHROPIC_API_KEY="sk-korad-prod-..."

4. Set Key Scopes

Coming soon: Keys with specific scopes (read-only, specific models, rate limits).

5. Monitor Key Usage

curl https://api.korad.ai/v1/user/me \
  -H "Authorization: Bearer sk-korad-YOUR-KEY"

Response includes usage stats and last activity.

Key Management

View Your Keys

Visit korad.ai/dashboard → API Keys

Generate New Key

Go to Dashboard
Click "Generate New Key"
Copy the key (shown only once!)
Use in your application

Delete Keys

Delete unused keys from the dashboard for security.

Authentication Errors

401 Unauthorized

{
  "error": {
    "type": "authentication_error",
    "message": "Invalid API key"
  }
}

Causes:

Missing or incorrect API key
Expired key
Revoked key

Solution: Verify your API key is correct and active.

403 Forbidden

{
  "error": {
    "type": "permission_error",
    "message": "Insufficient permissions"
  }
}

Causes:

Key doesn't have required scope
Key rate limit exceeded

Troubleshooting

"Invalid API Key" Error

Check your key format

Korad.AI keys start with sk-korad-. Make sure you're not using an Anthropic key (sk-ant-...).

Check for extra spaces

# Wrong
export ANTHROPIC_API_KEY=" sk-korad-YOUR-KEY"

# Right
export ANTHROPIC_API_KEY="sk-korad-YOUR-KEY"

Verify env var is loaded

echo $ANTHROPIC_API_KEY
# Should output: sk-korad-YOUR-KEY

Key Works in curl But Not in SDK

Make sure you're setting ANTHROPIC_BASE_URL:

export ANTHROPIC_BASE_URL="https://api.korad.ai/v1"
export ANTHROPIC_API_KEY="sk-korad-YOUR-KEY"

Next Steps

Quick Start — Start using your API key
API Reference — Make authenticated requests
Billing — Add credits to your account

API Keys​

Getting Your API Key​

Using Your API Key​

Method 1: x-api-key Header (Recommended)​

Method 2: Authorization Bearer Header​

Method 3: Environment Variable (SDKs)​

Security Best Practices​

1. Never Commit API Keys​

2. Rotate Keys Regularly​

3. Use Different Keys for Different Environments​

4. Set Key Scopes​

5. Monitor Key Usage​

Key Management​

View Your Keys​

Generate New Key​

Delete Keys​

Authentication Errors​

401 Unauthorized​

403 Forbidden​

Troubleshooting​

"Invalid API Key" Error​

Key Works in curl But Not in SDK​

Next Steps​