MythIQ

Command Palette

Search for a command to run...

MCPsModelsProvidersCreateGalleryDocs

Authentication

Learn how to authenticate your requests to the MythIQ API.

Overview

The MythIQ API uses API keys for authentication. Every request to the API must include your API key in the Authorization header. This ensures that only authorized users can access the API and that usage can be properly tracked and billed.

Secure Authentication

Your API key is a secret that grants access to the API on your behalf. Always store it securely and never include it in client-side code or public repositories.

Obtaining an API Key

To obtain an API key, you need to:

  1. Create an account on MythIQ
  2. Navigate to the API Keys section in your account settings
  3. Click "Create New API Key" and provide a name for the key
  4. Copy the generated API key (it will only be shown once)

API Key Security

Your API key is a secret that grants access to the API on your behalf. Never share your API key publicly or include it in client-side code. Always store it securely and use environment variables or secure vaults to manage it in your applications.

Using Your API Key

To authenticate your API requests, include your API key in the Authorization header using the Bearer token format:

Authorization: Bearer YOUR_API_KEY

cURL Example

bash
curl https://api.mythiq.ai/v1/models \
  -H "Authorization: Bearer YOUR_API_KEY"

JavaScript/TypeScript Example

typescript
import OpenAI from 'openai';

const openai = new OpenAI({
  baseURL: 'https://api.mythiq.ai/v1',
  apiKey: 'YOUR_API_KEY', // The SDK automatically adds the Authorization header
});

// Make API requests
const response = await openai.images.generate({
  model: 'stability/sdxl',
  prompt: 'A beautiful sunset over the ocean',
});

Python Example

python
from openai import OpenAI

client = OpenAI(
    base_url="https://api.mythiq.ai/v1",
    api_key="YOUR_API_KEY"  # The SDK automatically adds the Authorization header
)

# Make API requests
response = client.images.generate(
    model="stability/sdxl",
    prompt="A beautiful sunset over the ocean"
)

Fetch API Example

javascript
// Using the Fetch API directly
const response = await fetch('https://api.mythiq.ai/v1/models', {
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json'
  }
});

const data = await response.json();
console.log(data);

API Key Management

MythIQ provides several features to help you manage your API keys securely:

Multiple API Keys

You can create multiple API keys for different applications or environments (e.g., development, staging, production). This allows you to:

  • Revoke keys individually if they're compromised
  • Track usage and costs separately for different applications
  • Apply different rate limits or permissions to different keys

Key Rotation

It's a good security practice to rotate your API keys periodically. To rotate a key:

  1. Create a new API key
  2. Update your applications to use the new key
  3. Revoke the old key once all applications are updated

Usage Monitoring

You can monitor the usage of your API keys in the MythIQ dashboard. This includes:

  • Request volume over time
  • Cost breakdown by endpoint and model
  • Error rates and types

Authentication Errors

If there's an issue with your API key, you'll receive one of the following error responses:

Missing API Key

If you don't include an API key in your request, you'll receive a 401 Unauthorized response:

json
{
  "success": false,
  "message": "API key is missing",
  "code": "authentication_error"
}

Invalid API Key

If you provide an API key that doesn't exist or has been revoked, you'll receive a 401 Unauthorized response:

json
{
  "success": false,
  "message": "Invalid API key",
  "code": "authentication_error"
}

Insufficient Permissions

If your API key doesn't have permission to access a particular resource, you'll receive a 403 Forbidden response:

json
{
  "success": false,
  "message": "API key does not have permission to access this resource",
  "code": "permission_error"
}

Best Practices

Secure Storage

Store your API keys securely:

  • Use environment variables or secure vaults (like AWS Secrets Manager or HashiCorp Vault)
  • Never hardcode API keys in your source code
  • Don't include API keys in client-side code or mobile apps

Backend Proxy

For web applications, use a backend proxy to make API requests:

  • Your frontend makes requests to your backend
  • Your backend adds the API key and forwards the request to MythIQ
  • This keeps your API key secure and allows you to implement additional controls

Regular Auditing

Regularly audit your API key usage:

  • Monitor for unusual patterns or spikes in usage
  • Review which applications and services are using each key
  • Revoke unused or suspicious keys immediately