Start
Authentication
Bearer keys, where to keep them, and how to correlate requests when something goes wrong.
Every /v1/* endpoint authenticates with an API key. Send it as a bearer token (preferred):
curl -s https://api.kalpalabs.ai/v1/models \
-H "Authorization: Bearer $KALPA_API_KEY"or, where headers are awkward to compose, as X-API-Key:
curl -s https://api.kalpalabs.ai/v1/models -H "X-API-Key: $KALPA_API_KEY"A missing or invalid key returns 401 in the standard envelope:
{ "error": { "type": "authentication_error", "message": "Invalid API key.", "request_id": "…" } }Keys
- Keys are provisioned per team while the API is in early access — write to [email protected] to get one, rotate one, or raise its limits.
- Each key carries its own rate limits and its own usage meter.
- Treat the key like a password: call the API from your servers, not from browsers or shipped apps. If a key leaks, ask us to rotate it.
Request IDs
Every response carries an X-Request-ID header, echoed into error envelopes and our logs. Pass your own X-Request-ID header to correlate with your systems, and include the id when reporting a problem.