Every request to the Deepshi API is authenticated with an API key sent as a bearer token.
API keys
You create and manage keys from your Deepshi dashboard. A key:
- Begins with sk-bf- followed by a secret value.
- Is shown only once, at creation. Store it immediately, because Deepshi keeps only a hash and can’t show it to you again.
- Does not expire. It stays valid until you rotate, revoke, or delete it.
- Draws on your account’s shared credit balance. All of your keys spend from the same balance.
Your key is a secret. Keep it server-side, load it from an environment
variable, and never ship it in browser or mobile client code. If a key leaks,
rotate or delete it from the dashboard right away.
Authenticating requests
Send the key in the Authorization header as a bearer token:
Authorization: Bearer sk-bf-your-key
curl https://api.deepshi.ai/v1/chat/completions \
-H "Authorization: Bearer $DEEPSHI_API_KEY" \
-H "Content-Type: application/json" \
-d '{"model": "deepshi-3.0", "messages": [{"role": "user", "content": "Hi"}]}'
Store keys safely
Load the key from the environment instead of hardcoding it:
export DEEPSHI_API_KEY="sk-bf-..."
Use a separate key per application or environment (for example one for
staging, one for production). Rotating or revoking one key then won’t affect
the others.
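To check that no key was hardcoded or shipped in client code, a build step can scan the source tree for the sk-bf- prefix. The scanner below is an added example, not Deepshi's own tooling; the function names, the scanned file suffixes, and the assumed shape of the secret part (16 or more letters, digits, "_" or "-") are assumptions, since this page documents only the prefix.

```python
import re
import sys
import tempfile
from pathlib import Path

# Assumption: the secret part is 16+ chars of [A-Za-z0-9_-]; the page documents only the prefix.
KEY_RE = re.compile(r"sk-bf-[A-Za-z0-9_-]{16,}")
# Assumption: file types worth scanning in a typical web project.
SUFFIXES = {".js", ".ts", ".html", ".json", ".py", ".yml", ".yaml"}

def redact(key):
    """Report only the prefix and last 4 characters so the scan output does not re-leak the key."""
    return f"sk-bf-****{key[-4:]}"

def scan_text(text, source="<text>"):
    """Return (source, line number, redacted key) for every key-shaped string in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in KEY_RE.finditer(line):
            findings.append((source, lineno, redact(match.group())))
    return findings

def scan_tree(root):
    """Scan source-like files and .env* files under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and (path.suffix in SUFFIXES or path.name.startswith(".env")):
            findings.extend(scan_text(path.read_text(errors="replace"), str(path)))
    return findings

def demo():
    """Scan a constructed project: one hardcoded key, one key loaded from the environment."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.js").write_text(
            "// constructed sample: key hardcoded in browser code\n"
            'const KEY = "sk-bf-EXAMPLEexample0123456789";\n'
        )
        (root / "server.py").write_text(
            "import os\n"
            'KEY = os.environ["DEEPSHI_API_KEY"]  # loaded from the environment\n'
            '# docs placeholder, too short to match: "Bearer sk-bf-your-key"\n'
        )
        return [(Path(p).name, n, r) for p, n, r in scan_tree(root)]

if __name__ == "__main__":
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for source, lineno, redacted in results:
        print(f"{source}:{lineno}: possible Deepshi API key {redacted}")
    sys.exit(1 if results else 0)
```

Run it against a build output directory in CI; a non-zero exit means a key-shaped string was found, and that key should be rotated from the dashboard.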
Rotating and revoking keys
From the dashboard you can:
- Rotate a key to issue a new sk-bf- value and immediately invalidate the old one. Use this if a key may be compromised.
- Revoke a key to disable it without deleting it. Requests with a revoked key return 403.
- Delete a key to remove it permanently.
Authentication errors
| Status | Meaning | What to do |
|---|---|---|
| 401 Unauthorized | Missing, malformed, or unknown key | Check the Authorization header and that the key is correct. |
| 403 Forbidden | Key was revoked, or it isn’t allowed to use the requested model | Use an active key, or pick a model your account can access. |
| 402 Payment Required | Out of credits | Top up your balance. |
See Errors & status codes for the full list.