Back to Home

Authentication

Tokensmart's API uses Bearer Token authentication, identical to the OpenAI API.

Two supported header formats

Tokensmart supports both common header styles so it drops into any SDK:

1. Authorization (OpenAI style)

Authorization: Bearer pk_live_xxxxxxxxxxxxxxxx

This is the default for the OpenAI SDK and most third-party libraries.

2. x-api-key (Anthropic style)

x-api-key: pk_live_xxxxxxxxxxxxxxxx

The Anthropic official SDK uses this header. When you use it, do not also send Authorization.

Creating an API key

  1. Open the API Keys page
  2. Click "Create new key"
  3. Name it (we recommend per-project / per-environment names like prod-web / staging-ios)
  4. Optional settings:
    • Daily limit: cap how much a single key can spend per day
    • Model allowlist: restrict the key to specific models
  5. Save the key — it is only shown once

Security best practices

  • Never embed an API key in frontend code or a public repo
  • Store it in an environment variable, for example TOKENSMART_API_KEY
  • Issue separate keys for development, staging, and production for easier auditing and revocation
  • Rotate keys periodically
  • If you suspect a leak, delete and recreate the key immediately from the API Keys page

Deleting a key

Open API Keys, find the key, and delete it. Deletion takes effect immediately — subsequent requests with that key return 401.