Key types
- Gateway API keys call model, provider, and generation endpoints available to your workspace.
- Management API keys call administration APIs. See Management API Keys.
- Rotated keys can be created at any time, then swapped into your app before the old key is removed.
phaseo_v1_sk_<kid>_<secret>. Treat them like passwords and avoid storing them in client-side code or public repositories.
You can call
:free models without depositing credits. Paid models require available wallet balance.Header format
Include the key in theAuthorization header on every request:
fetch:
Key handling checklist
| Practice | Why it matters |
|---|---|
| Use one key per app | Makes it easy to rotate without affecting other services. |
| Store keys securely | Secrets managers prevent accidental exposure in logs or error tracking. |
| Monitor usage | The dashboard shows per-key metrics so you can detect anomalies quickly. |
| Remove unused keys | Deleting stale keys reduces the surface area for potential abuse. |
Common authentication errors
- 401 Unauthorized: the key is missing, invalid, or belongs to a disabled workspace.
- 403 Forbidden: the key exists but cannot access the requested provider or model.
- 429 Too Many Requests: the key or workspace exceeded a limit. See Rate limits.
- 5xx errors: retry with exponential backoff and contact support if the issue persists.