Authentication

Learn how to authenticate your API requests using API keys and secure your Prompt Forge integrations.

API Keys

Prompt Forge uses API keys to authenticate requests to the GraphQL API. Each API key is associated with your user account and inherits your permissions and access levels.

Treat your API keys like passwords. Never commit them to version control or expose them in client-side code.

Creating an API Key

To create a new API key:

  1. Navigate to your dashboard
  2. Click on your user menu in the bottom-right corner
  3. Select "API Keys"
  4. Click "Create New Key"
  5. Give your key a descriptive name
  6. Copy and store the key securely

The API key will only be displayed once. If you lose it, you'll need to create a new one.

Using API Keys

HTTP Header

Include your API key in the Authorization header of every request using the Bearer authentication scheme:

POST /v1 HTTP/1.1
Host: api.promptforge.sh
Authorization: Bearer your-api-key-here
Content-Type: application/json

cURL Example

curl -X POST https://api.promptforge.sh/v1 \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"query":"{ me { id email } }"}'

JavaScript Example

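// Read the key from the environment and fail fast instead of sending "Bearer undefined"
const API_KEY = process.env.PROMPTFORGE_API_KEY;
if (!API_KEY) {
  throw new Error('PROMPTFORGE_API_KEY is not set');
}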

const response = await fetch('https://api.promptforge.sh/v1', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${API_KEY}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    query: `
      query GetMe {
        me {
          id
          email
          name
        }
      }
    `
  })
});

const { data, errors } = await response.json();

if (errors) {
  console.error('GraphQL errors:', errors);
} else {
  console.log('User:', data.me);
}

Python Example

import os
import requests

API_KEY = os.environ['PROMPTFORGE_API_KEY']
GRAPHQL_URL = 'https://api.promptforge.sh/v1'

headers = {
    'Authorization': f'Bearer {API_KEY}',
    'Content-Type': 'application/json'
}

query = """
query GetMe {
  me {
    id
    email
    name
  }
}
"""

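response = requests.post(
    GRAPHQL_URL,
    json={'query': query},
    headers=headers,
    timeout=10  # requests has no default timeout; avoid hanging indefinitely
)

data = response.json()

# An error response (such as 401 Unauthorized) carries "errors" instead of "data"
if data.get('errors'):
    print('GraphQL errors:', data['errors'])
else:
    print('User:', data['data']['me'])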

Best Practices

Use Environment Variables

Store API keys in environment variables; never hardcode them in your source code.

# .env file (do not commit this file to version control)
PROMPTFORGE_API_KEY=your-api-key-here

Rotate Keys Regularly

Create new API keys periodically and delete old ones to minimize security risks.

Use Different Keys for Different Environments

Create separate API keys for development, staging, and production environments.

Monitor API Key Usage

Regularly review your API key usage in the dashboard to detect any unusual activity.

Error Handling

If authentication fails, the API will return a 401 Unauthorized response:

{
  "errors": [
    {
      "message": "Unauthorized",
      "extensions": {
        "code": "UNAUTHENTICATED"
      }
    }
  ]
}

Common authentication errors:

  • Missing Authorization header
  • Invalid API key format
  • Expired or deleted API key
  • API key doesn't have required permissions
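
The sketch below is an added example, not Prompt Forge's own code: it uses the 401 status and the UNAUTHENTICATED code shown above to separate an authentication failure from other GraphQL errors, and masks the Authorization header before it is logged. The function names, the EXAMPLE_OTHER code and the sample bodies other than the 401 body are assumptions constructed for illustration.

```python
import json

# Constructed sample bodies; SAMPLE_401 is the error body shown on this page.
SAMPLE_401 = '{"errors":[{"message":"Unauthorized","extensions":{"code":"UNAUTHENTICATED"}}]}'
SAMPLE_OK = '{"data":{"me":{"id":"u_1","email":"dev@example.com"}}}'
SAMPLE_OTHER = '{"errors":[{"message":"Cannot query field","extensions":{"code":"EXAMPLE_OTHER"}}]}'


def classify_response(status_code, body_text):
    """Return (outcome, detail); outcome is 'ok', 'auth_failed' or 'error'."""
    try:
        body = json.loads(body_text)
    except ValueError:
        body = None  # e.g. an HTML error page from a proxy
    if not isinstance(body, dict):
        body = {}
    errors = body.get("errors")
    errors = [e for e in errors if isinstance(e, dict)] if isinstance(errors, list) else []
    codes = [e["extensions"].get("code") for e in errors
             if isinstance(e.get("extensions"), dict)]
    # Authentication failure: retrying with the same key cannot succeed, so
    # report it separately and let the caller check or replace the key.
    if status_code == 401 or "UNAUTHENTICATED" in codes:
        return "auth_failed", "check that the API key is set, valid and not deleted"
    if status_code >= 400 or errors:
        messages = [str(e.get("message", "")) for e in errors]
        return "error", "; ".join(m for m in messages if m) or f"HTTP {status_code}"
    return "ok", body.get("data")


def redact_headers(headers):
    """Return a copy of the headers that is safe to log (token masked)."""
    safe = {}
    for name, value in headers.items():
        if name.lower() == "authorization":
            scheme, sep, _token = str(value).partition(" ")
            value = f"{scheme} [REDACTED]" if sep else "[REDACTED]"
        safe[name] = value
    return safe


if __name__ == "__main__":
    print(classify_response(401, SAMPLE_401))
    print(classify_response(200, SAMPLE_OK))
    print(redact_headers({"Authorization": "Bearer your-api-key-here"}))
```

Pass `response.status_code` and `response.text` from the Python example above to `classify_response`, and log `redact_headers(headers)` rather than the raw headers.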

Revoking API Keys

If you suspect an API key has been compromised, revoke it immediately:

  1. Navigate to the API Keys page
  2. Find the compromised key in the list
  3. Click the "Delete" button
  4. Create a new API key to replace it

Deleting an API key immediately revokes access. Any applications using that key will receive authentication errors until updated with a new key.