Authentication and API Keys
Dual auth model (API keys + session tokens), key format, lifecycle, and secure handling.
Dual auth model (API keys + session tokens), key format, lifecycle, and secure handling.
- Copy the request sample from this page.
- Run it in API Explorer with your key.
- Confirm stream done payload (finish_reason + charged credits).
- Move the same payload into your backend code.
Authentication model
LLMWise supports two authentication methods:
| Method | Header format | Use case |
|---|---|---|
| API key | Bearer mm_sk_... | Server-side integrations, scripts, CI/CD |
| Session token | Bearer eyJ... (JWT) | Browser dashboard, frontend apps via Clerk |
Both methods use the same Authorization: Bearer <token> header. The backend detects which method you are using by the token prefix.
API key details
- Prefix:
mm_sk_followed by 64 hex characters - Storage: Keys are SHA-256 hashed before storage — the raw key is only shown once at generation time
- One key per account at a time. Generating a new key invalidates the previous one
Key lifecycle
Key endpoints
- Generate:
POST /api/v1/keys/generate - Status:
GET /api/v1/keys/info - Revoke:
DELETE /api/v1/keys/revoke
Session token auth
When using the LLMWise dashboard, authentication is handled automatically via Clerk session tokens (RS256 JWTs). On first authenticated API call, a user account is auto-created with 40 free credits. No separate registration step is needed.
Secure usage baseline
LLMWISE_BASE_URL=https://llmwise.ai/api/v1
LLMWISE_API_KEY=mm_sk_xxx
REQUEST_TIMEOUT_MS=60000
Recommended key policy
- One key per app/service.
- Rotate keys periodically.
- Revoke on any leak signal.
- Never place keys in browser bundle or client-side code.
If a key appears in client-side JavaScript, assume it is compromised. Keep keys only on server-side controlled infrastructure.
ChatKit-style guided help
Product-scoped assistant for LLMWise docs and API usage. It does not answer unrelated topics.
Sign in to ask implementation questions and get runnable snippets.
Sign in to use assistant