Skip to Content
API AccessAuthentication

Authentication

API Access requests use Bearer token authentication with a Steinkauz API key.

API key format

Keys look like:

sk-steinkauz-live-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  • The prefix sk-steinkauz-live- identifies production keys.
  • The full secret is shown once when you create the key in Settings → API Keys.
  • We store only a hash of the key; we cannot recover a lost secret.

Request header

Authorization: Bearer sk-steinkauz-live-YOUR_SECRET

Example

curl -sS "$STEINKAUZ_BASE_URL/v1/models" \
  -H "Authorization: Bearer $STEINKAUZ_API_KEY"

Store credentials in environment variables on the server that runs your integration (never commit real keys):

export STEINKAUZ_API_KEY="sk-steinkauz-live-..."
export STEINKAUZ_BASE_URL="https://chat.steinkauz.ai"

Key hygiene

  • Treat API keys like passwords. Do not embed them in client-side code or public repositories.
  • Use server-to-server calls. API keys are not intended for browser-exposed applications.
  • Revoke compromised keys immediately in Settings → API Keys.
  • Choose the lowest security classification that still meets your data needs.
  • Create separate keys for separate integrations so you can revoke or rotate one without affecting others.

Account requirements

Your Steinkauz account must be active with a valid subscription. Gateway subscribers need remaining inference budget; BYOK subscribers need at least one configured provider with a valid API key. Requests authenticated with a valid API key are authorized independently of the web chat session.

Last updated on
OverviewModels