# Authentication (/docs/authentication)


API Key Authentication [#api-key-authentication]

All requests to the Yunxin API must include a valid API key in the `Authorization` header using the Bearer token scheme:

```
Authorization: Bearer YOUR_API_KEY
```

Creating API Keys [#creating-api-keys]

1. Log in to your [Dashboard](/dashboard)
2. Navigate to **API Keys**
3. Click **Create API Key**
4. Give your key a descriptive name (e.g., "Production Server", "Development")
5. Copy and securely store the key — it will only be shown once

Key Permissions [#key-permissions]

Each API key inherits the permissions of your account:

| Account Type | Rate Limit | Models Available              |
| ------------ | ---------- | ----------------------------- |
| Free         | 10 RPM     | Free-tier models              |
| Basic        | 50 RPM     | All standard models           |
| Pro          | 100 RPM    | All models including premium  |
| Enterprise   | Unlimited  | All models + priority routing |

Key Management [#key-management]

You can manage your API keys from the Dashboard:

* **Revoke** — Immediately invalidate a compromised key
* **Regenerate** — Create a new key with the same configuration
* **View Usage** — Monitor per-key usage statistics

Security Best Practices [#security-best-practices]

<Callout type="error">
  Never expose your API key in client-side code, browser requests, or public repositories.
</Callout>

Do [#do]

* Store API keys in environment variables
* Use server-side proxy for API calls from frontend applications
* Rotate keys periodically
* Use separate keys for development and production
* Monitor key usage for anomalies

Don't [#dont]

* Hardcode API keys in source code
* Commit `.env` files to version control
* Share API keys over insecure channels
* Use the same key across all environments

Request Example [#request-example]

<Tabs items="[&#x22;cURL&#x22;, &#x22;Python&#x22;, &#x22;JavaScript&#x22;]">
  <Tab value="cURL">
    ```bash
    curl https://api.yuhuanstudio.com/v1/chat/completions \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer yx-abc123def456" \
      -d '{"model": "model-id", "messages": [{"role": "user", "content": "Hi"}]}'
    ```
  </Tab>

  <Tab value="Python">
    ```python
    import os
    from openai import OpenAI

    client = OpenAI(
        api_key=os.environ["YUNXIN_API_KEY"],
        base_url="https://api.yuhuanstudio.com/v1"
    )
    ```
  </Tab>

  <Tab value="JavaScript">
    ```javascript
    import OpenAI from "openai";

    const client = new OpenAI({
      apiKey: process.env.YUNXIN_API_KEY,
      baseURL: "https://api.yuhuanstudio.com/v1",
    });
    ```
  </Tab>
</Tabs>

Authentication Errors [#authentication-errors]

| HTTP Status | Error Code                 | Description                        |
| ----------- | -------------------------- | ---------------------------------- |
| 401         | `invalid_api_key`          | The API key is invalid or expired  |
| 401         | `missing_api_key`          | No API key was provided            |
| 403         | `key_revoked`              | The API key has been revoked       |
| 403         | `insufficient_permissions` | The key lacks required permissions |