Authentication
RouteAPI uses Bearer Token authentication. Every API request must include a valid Token in the Authorization request header.
Request header format
Section titled “Request header format”Authorization: Bearer sk-your-routeapi-tokenExample:
curl https://www.routeapi.ai/v1/models \ -H "Authorization: Bearer $ROUTEAPI_KEY"Create an API Token
Section titled “Create an API Token”- Log in to the RouteAPI console.
- Open the API Keys page.
- Create a new token.
- Set the name, quota, access permissions, and expiration time as needed.
- Save the token and use it only on the server side or in a secure environment.
Token and permissions
Section titled “Token and permissions”A Token is usually affected by the following configuration:
| Configuration | Effect |
|---|---|
| User balance | Requests may return 402 when balance is insufficient |
| Token quota | A single Token can have an independent quota or expiration time |
| Rate limit | Returns 429 after being triggered |
Security recommendations
Section titled “Security recommendations”- Do not expose Tokens in frontend code, public repositories, or plaintext mobile configuration.
- Prefer environment variables when calling from server-side code.
- Disable or delete leaked Tokens immediately and generate new ones.
- Create different Tokens for different applications to simplify auditing and limits.
- Set low quotas and expiration times for temporary test Tokens.
Common authentication errors
Section titled “Common authentication errors”| Status code | Common cause | Handling |
|---|---|---|
| 401 | Missing Token, typo, or deleted Token | Check the Authorization header |
| 402 | Insufficient balance or quota exhausted | Recharge, raise quota, or use another Token |
| 429 | Rate limit triggered | Reduce concurrency and check user or Token rate limits |