Authentication
The AIOZ AI API authenticates every request with an API key, sent in the x-api-key HTTP header. A key represents either a single user or an organization; whichever owns the key acts as the caller on every request.
How to send your key
Set the x-api-key header on every request. With the SDKs, you configure the key once at client construction.
curl
curl https://api.aiozai.network/api/v1/api-key/balance \
-H "x-api-key: $AIOZ_AI_API_KEY"Python
from aiozai_sdk import AiozAI
client = AiozAI(api_key=os.environ["AIOZ_AI_API_KEY"])
balance = client.account.balance()Node
import { AiozAI } from "@aioz-network/aiozai-sdk";
const client = new AiozAI({ apiKey: process.env.AIOZ_AI_API_KEY });
const balance = await client.account.balance();Go
import aiozai "github.com/aioz-network/aiozai-sdk-go"
c, err := aiozai.NewClient(aiozai.WithAPIKey(os.Getenv("AIOZ_AI_API_KEY")))
if err != nil { panic(err) }
balance, err := c.Account().Balance(context.Background())Personal and organization keys
Every API key is owned by either a user or an organization, and the calls you make with a key are authenticated as that owner.
Personal keys belong to your user account. Reach for one when you're working on a personal project or an individual integration; usage and inference cost will be attributed to your account.
Organization keys belong to an organization, and exist for shared and production work where cost and usage should roll up to the organization rather than to an individual. Only an organization's owner can create or manage them.
Personal keys live in your user settings; organization keys live in the organization's settings. See Managing API Keys for the step-by-step on creating and managing either.
Security best practices
Treat your API key like a password:
- Store it in an environment variable (
AIOZ_AI_API_KEY), never inline in source code. - Never commit a key to version control. If you do by accident, revoke it immediately and create a new one.
- Don't share keys across people or environments; create a separate key per use.
- If you suspect a key is compromised, revoke it from the UI. There is no separate "regenerate" action; revoke and create new.
The full key value is visible from the management UI any time you need to copy it, so you never have to store a backup elsewhere.