Skip to main content

API Key Authentication

All requests to the Firemoon Studio API require authentication using an API key in the Authorization header.

Getting Your API Key

  1. Contact us at contact@firemoon.studio
  2. Include your use case and expected usage volume
  3. Receive your API key via email
Keep your API key secure and never share it publicly.

Using Your API Key

Include the API key in the Authorization header with the Bearer prefix: 
Authorization: Bearer your_api_key_here

Example Requests

cURL

curl -X POST https://firemoon.studio/api/v1/flux/dev \
  -H "Authorization: Bearer your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"prompt": "A beautiful sunset"}'

JavaScript

const response = await fetch('https://firemoon.studio/api/v1/flux/dev', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer your_api_key_here',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    prompt: 'A beautiful sunset'
  })
});

Python

import requests

response = requests.post(
    'https://firemoon.studio/api/v1/flux/dev',
    headers={
        'Authorization': 'Bearer your_api_key_here',
        'Content-Type': 'application/json'
    },
    json={'prompt': 'A beautiful sunset'}
)

Security Best Practices

Environment Variables

Store your API key as an environment variable: 
# .env
FIREMOON_API_KEY=your_api_key_here

// JavaScript
const apiKey = process.env.FIREMOON_API_KEY;

# Python
import os
api_key = os.getenv('FIREMOON_API_KEY')

Key Rotation

  • Rotate API keys regularly (recommended: every 30-90 days)
  • Use different keys for different environments (dev/staging/prod)
  • Immediately revoke compromised keys

Monitoring

  • Monitor API usage in your dashboard
  • Set up alerts for unusual activity
  • Log authentication failures

Test Keys

For development and testing, you can use these test API keys:
KeyDescriptionRate LimitProviders
test_key_12345Full access test key60 req/minAll providers
demo_key_67890Limited access key30 req/minflux, ideogram only
Test keys are for development only and should not be used in production.

Troubleshooting

401 Unauthorized

  • Verify your API key is correct
  • Check that you’re using the Bearer prefix
  • Ensure the key hasn’t expired

403 Forbidden

  • Confirm your key has access to the requested provider
  • Check if you’ve exceeded rate limits
  • Verify your account is in good standing

Support

Need help with authentication? Contact us at contact@firemoon.studio.