API Keys
API keys are the simplest way to authenticate with the GPTfake API. Each key is a secret bearer token tied to your account and plan tier. Send it in the Authorization header on every request.
Create a key
Generate keys from your account dashboard. Each key shows its plan tier, creation date, and last-used time. You can hold multiple keys — useful for separating environments (development, CI, production) so you can rotate one without disrupting the others.
Use a key
curl https://api.gptfake.com/v1/monitoring/chatgpt/metrics \
-H "Authorization: Bearer YOUR_API_KEY"In a SDK, pass the key to the client constructor:
from gptfake import GPTfakeClient
client = GPTfakeClient('YOUR_API_KEY')
metrics = client.get_metrics('chatgpt')Store keys safely
Never hardcode a key in source files or client-side JavaScript. Anyone with the key can consume your quota and read data under your plan.
Load keys from environment variables instead:
export GPTFAKE_API_KEY="your_api_key"import os
from gptfake import GPTfakeClient
client = GPTfakeClient(os.environ["GPTFAKE_API_KEY"])Rotate and revoke
- Rotate keys on a schedule. Create the new key, deploy it, then revoke the old one — zero downtime.
- Revoke immediately if a key is leaked. Revoked keys stop working at once and return
401 Unauthorized.
Rate limits per key
Each key inherits the limits of its plan tier:
| Tier | Requests/Hour |
|---|---|
| Free | 100 |
| Researcher | 1,000 |
| Pro | 10,000 |
| Enterprise | Custom |
When you exceed the limit the API returns 429 with a retry_after value (seconds):
{
"error": {
"code": "RATE_LIMIT_EXCEEDED",
"message": "Rate limit exceeded",
"retry_after": 3600
}
}Next steps
- Need delegated, per-user access? See OAuth 2.0.
- Back to Authentication overview.