Authentication
All /api/v1 endpoints require a Bearer API key.
Authorization Header
Send your key in the Authorization header:
Authorization: Bearer sk_live_your_key_here
If the header is missing or invalid, the API returns:
{ "error": "Missing Authorization Bearer token" }
or:
{ "error": "Invalid API key" }
Create and Manage API Keys
Create, list, and revoke keys from:
https://armox.ai/app/settings/api-keys
Each key has:
namekey_prefixexpires_at(optional)rate_limit_per_minuteis_active
Important: full key values are shown only once at creation time.
Key Format
Armox API keys use this prefix:
sk_live_...
Treat keys like passwords.
Request Examples
cURL
curl -X GET "https://armox.ai/api/v1/models" \
-H "Authorization: Bearer sk_live_your_key_here"
JavaScript (fetch)
const response = await fetch("https://armox.ai/api/v1/models", {
method: "GET",
headers: {
Authorization: "Bearer sk_live_your_key_here",
},
});
const data = await response.json();
console.log(data);
Python
import requests
response = requests.get(
"https://armox.ai/api/v1/models",
headers={"Authorization": "Bearer sk_live_your_key_here"},
)
print(response.status_code)
print(response.json())
Go
package main
import (
"fmt"
"net/http"
)
func main() {
req, _ := http.NewRequest("GET", "https://armox.ai/api/v1/models", nil)
req.Header.Set("Authorization", "Bearer sk_live_your_key_here")
client := &http.Client{}
resp, _ := client.Do(req)
defer resp.Body.Close()
fmt.Println("Status:", resp.StatusCode)
}
Access Requirements
Public API access requires an eligible subscription:
- Agency
- Master / Business
- Enterprise
If the user account is not eligible, the API returns:
{
"error": "Public API access requires Agency, Master/Business, or Enterprise plan."
}
Security Best Practices
- Use one key per environment (development, staging, production)
- Rotate keys regularly
- Revoke compromised keys immediately
- Never expose API keys in frontend/browser code
- Store keys in server-side secret managers
- Restrict internal access by service/account