Authentication

Learn how to authenticate your API requests

API Key Format

All API keys start with the prefix `sk-` followed by a unique identifier. Keep your API key secure and never expose it in client-side code.

Making Authenticated Requests

Include your API key in the `Authorization` header using the Bearer token format:

curl https://gateway.nanobananapro.site/api/v1/account/balances \
  -H "Authorization: Bearer sk-your-api-key"

Security Best Practices

Never expose your API key in client-side code or public repositories
Use environment variables to store your API key
Create separate API keys for different environments (development, staging, production)
Rotate your API keys periodically
Monitor your API usage for any suspicious activity

Error Handling

If authentication fails, you'll receive a 401 Unauthorized response:

{
  "success": false,
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key"
  }
}