Authentication

All API requests to EmberCloud require authentication via an API key. The key is passed as a Bearer token in the Authorization header of every request.

Authorization Header
Authorization: Bearer YOUR_API_KEY

Get an API Key

To get an API key, create an EmberCloud account and generate one from the dashboard:

  1. Sign up for an EmberCloud account (or sign in if you already have one)
  2. Go to the Dashboard → Keys page
  3. Click Create Key to generate a new API key
  4. Copy the key immediately — it is only shown once at creation time

Important: API keys are only displayed in full when they are first created. After that, only the last 4 characters are visible. Make sure to copy and store your key securely before closing the dialog.

Using Your Key

Include your API key in the Authorization header as a Bearer token on every request.

curl https://api.embercloud.ai/v1/chat/completions \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "glm-4.7",
    "messages": [{"role": "user", "content": "Hello!"}]
  }'

Environment Variables

Rather than hardcoding your API key, store it as an environment variable. The OpenAI SDKs automatically read from OPENAI_API_KEY when no key is passed explicitly, so you can configure it once and skip the api_key parameter.

# Add to your shell profile (.bashrc, .zshrc, etc.)
export OPENAI_API_KEY="your-api-key"
export OPENAI_BASE_URL="https://api.embercloud.ai/v1"

With the environment variables set, the SDK picks up the key automatically:

from openai import OpenAI

# No api_key needed — reads from OPENAI_API_KEY
client = OpenAI(base_url="https://api.embercloud.ai/v1")

response = client.chat.completions.create(
    model="glm-4.7",
    messages=[{"role": "user", "content": "Hello!"}],
)

Security Best Practices

  • Never expose keys in client-side code. API keys should only be used in server-side applications, backend services, or serverless functions — never in browser JavaScript, mobile apps, or any code shipped to end users.
  • Do not commit keys to version control. Add .env to your .gitignore and use environment variables or a secrets manager instead.
  • Rotate keys if compromised. If you suspect a key has been leaked, delete it from the Dashboard immediately and create a new one.
  • Use one key per application. Generate separate keys for each project or environment (development, staging, production) so you can revoke access individually without affecting other services.

Verifying Your Key

To check that your API key is valid, make a request to the models endpoint. A successful response confirms your key is working.

curl https://api.embercloud.ai/v1/models \
  -H "Authorization: Bearer YOUR_API_KEY"

If the key is invalid, the API returns a 401 status with an authentication_error type. See Error Handling for details.