Authentication

Every API request must include an API key in the Authorization header.

API key format

Keys follow the format sk-{32 hex characters}:

sk-4a9f2c1b8e3d7a05f6c2b9e1d4a8f3c7

Using your key

Include it as a Bearer token in every request:

curl https://sovereigneg.com/v1/chat/completions \
  -H "Authorization: Bearer sk-4a9f2c1b8e3d7a05f6c2b9e1d4a8f3c7" \
  -H "Content-Type: application/json" \
  -d '{"model": "...", "messages": [{"role": "user", "content": "Hello"}]}'

With the Python SDK:

from openai import OpenAI
 
client = OpenAI(
    api_key="sk-4a9f2c1b8e3d7a05f6c2b9e1d4a8f3c7",
    base_url="https://sovereigneg.com/v1"
)

Managing keys

ActionHow
CreateDashboard → API Keys → Create new key
ViewDashboard shows key prefix (sk-...f3c7) and last used date
RevokeDashboard → API Keys → Click Revoke (immediate, cannot be undone)
RotateCreate a new key, update your code, then revoke the old one

The full key is shown only once at creation time. Copy it immediately. We store only the SHA-256 hash — we cannot recover your key.

Security best practices

  • Never commit keys to version control. Use environment variables.
  • Never expose keys in client-side code. Call the API from your server.
  • Rotate keys regularly. Create a new key, migrate, then revoke the old.
  • Use separate keys for dev and production. Easier to revoke if compromised.
  • Monitor usage. The dashboard shows per-key usage — investigate spikes immediately.

Error responses

Missing or invalid key returns 401:

{
  "error": {
    "type": "authentication_error",
    "message": "Invalid API key",
    "code": "invalid_api_key"
  }
}

Revoked key:

{
  "error": {
    "type": "authentication_error",
    "message": "API key has been revoked",
    "code": "key_revoked"
  }
}
PreviousQuickstartNextChat Completions