API Reference

Authentication

API Authentication for A4F Services.

A4F API requests are authenticated using Bearer tokens. This token is your unique A4F API key, which allows you to access our services and the underlying models.

Key Security

Your API key carries many privileges; be sure to keep it secret! Do not share it in publicly accessible areas such as GitHub, client-side code, and so forth.

Using an A4F API Key

To use the A4F API, you first need to generate an API key from your A4F dashboard. Give your key a descriptive name. A4F currently supports one API key per account.

If you're calling the A4F API directly (e.g., via cURL or a custom HTTP client), include your API key in the Authorization header as a Bearer token:

Authorization: Bearer YOUR_A4F_API_KEY

If you're using an OpenAI-compatible SDK (like OpenAI's Python or TypeScript libraries), you typically set the API key when initializing the client and point the base_url to A4F's endpoint (https://api.a4f.co/v1).

import requests
import json

A4F_API_KEY = "A4F_API_KEY"
A4F_API_ENDPOINT = "https://api.a4f.co/v1/chat/completions"

headers = {
    "Authorization": f"Bearer {A4F_API_KEY}",
    "Content-Type": "application/json"
}

payload = {
    "model": "provider-1/chatgpt-4o-latest",
    "messages": [{"role": "user", "content": "Hello A4F!"}]
}

response = requests.post(A4F_API_ENDPOINT, headers=headers, json=payload)
print(response.json())

If your key has been exposed

Protect Your API Key

You must protect your API keys and never commit them to public repositories or include them directly in client-side code.

A4F does not currently implement automatic secret scanning for GitHub or other public repositories. It is your responsibility to safeguard your API key.

If you believe your A4F API key has been compromised or exposed:

Immediately visit your API Keys page on the A4F dashboard.
Since A4F currently supports one key per account, if your key is compromised, you should understand that any usage on that key might be unauthorized. For future enhancements where multiple keys might be supported, you would typically "revoke" or "delete" the compromised key.
Currently, if your single key is compromised, you should assess the situation. If you need a new key, this might involve steps like ensuring your account is secure and then, if necessary, contacting support for guidance on key rotation if that feature becomes available, or taking steps to secure your existing key's usage.

Using environment variables for your API keys and keeping them out of your codebase is strongly recommended for security.

Was this page helpful?

Limits

Understand rate limits for A4F API usage.

Parameters

Learn about supported API request parameters.