Pinaivu authenticates every API request using an API key that you pass as a Bearer token in the Authorization header. There are no session cookies or OAuth flows — each request is independently authenticated. Keep your keys secret; anyone who holds a key can make requests billed to your account.
Getting an API Key
- Visit the dashboard at https://api.pinaivu.com and sign in.
- Navigate to API Keys in the left sidebar.
- Click Generate New Key and give it a descriptive name.
- Copy the key immediately and store it somewhere safe — it will not be shown again.
Pinaivu displays the full key only once at creation time. If you lose it, you must revoke the old key and generate a new one.
Using Your Key
Pass your key in the Authorization header on every request:
Authorization: Bearer sk-pnv-...
curl https://api.pinaivu.com/v1/models \
  -H "Authorization: Bearer sk-pnv-..."
Security Best Practices
- Use environment variables. Store your key in an environment variable such as PINAIVU_API_KEY and read it at runtime. Never hard-code it in source files.
- Rotate compromised keys immediately. If a key is exposed, revoke it from the dashboard and replace it before an attacker can use it.
- Never expose keys in client-side code. Browser JavaScript, mobile apps, and any code that ships to end users can be inspected. Route all Pinaivu API calls through a server you control.
- Scope keys by use case. Generate separate keys for development, staging, and production so you can revoke one without affecting the others.
Authentication Errors
| Status | Error | Cause |
|---|---|---|
| 401 | Unauthorized | The Authorization header is missing, the token format is invalid, or the key has been revoked. |
| 403 | Forbidden | The key is valid but does not have permission to perform this operation. |
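
The following is an added example, not part of Pinaivu's own documentation or SDK. It applies the environment-variable practice from Security Best Practices and handles the two statuses from Authentication Errors in a server-side Python helper. The function names are hypothetical, and the check that every key starts with `sk-pnv-` is an assumption based on the examples above.

```python
import os
import urllib.error
import urllib.request

API_BASE = "https://api.pinaivu.com/v1"   # base URL from the curl example above
KEY_ENV_VAR = "PINAIVU_API_KEY"           # variable name suggested on this page
KEY_PREFIX = "sk-pnv-"                    # prefix shown in the page's examples


def load_api_key(env=os.environ):
    """Read the key at runtime; fail closed if it is missing or malformed."""
    key = env.get(KEY_ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{KEY_ENV_VAR} is not set")
    if not key.startswith(KEY_PREFIX):
        # Assumption: all keys carry the prefix shown in the docs.
        raise RuntimeError(f"{KEY_ENV_VAR} does not look like a Pinaivu key")
    return key


def redact(key):
    """Form that is safe to log: prefix plus the last four characters."""
    return f"{KEY_PREFIX}...{key[-4:]}"


def build_request(path, key):
    """Build an authenticated request without sending it."""
    req = urllib.request.Request(f"{API_BASE}/{path.lstrip('/')}")
    req.add_header("Authorization", f"Bearer {key}")
    return req


def explain_auth_error(status):
    """Map the two authentication statuses to an operator action."""
    if status == 401:
        return "check header format and key; rotate if revoked or exposed"
    if status == 403:
        return "key is valid but lacks permission; do not retry unchanged"
    return None


def list_models():
    """GET /v1/models, turning 401/403 into actionable errors."""
    key = load_api_key()
    try:
        with urllib.request.urlopen(build_request("models", key), timeout=10) as resp:
            return resp.read()
    except urllib.error.HTTPError as err:
        hint = explain_auth_error(err.code)
        if hint is None:
            raise
        raise PermissionError(f"HTTP {err.code} with key {redact(key)}: {hint}") from err
```

Error messages carry only the redacted form, so a failed call does not write the full key into logs or tracebacks.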