Authentication

How API keys work, validation expectations, and secure handling practices.

Every request to the Sellm API must include a valid API key. Sellm has two key scopes:

Sending your key

Include your API key in the Authorization header using the Bearer scheme:

Authorization: Bearer sellm_your_api_key_here

This header must be present on every request. Requests without a valid key receive a 401 Unauthorized response.

Key format

Sellm API keys follow a consistent format:

If you are building client-side validation, check that the value is non-empty, starts with sellm_, and does not contain leading or trailing whitespace.

Choosing a key scope

Use a project API key when your integration is working with one existing Sellm project:

Use an organization API key when your integration needs one-off analysis without creating projects:

Organization keys cannot read or mutate project-scoped resources such as /project, /prompts, or /settings. Project keys cannot override the brand name per call.

Security best practices

Verifying your key

The simplest way to confirm that a project key is valid is to call the project endpoint:

GET /project

A 200 response with your project details means the key is active and correctly configured. This is a lightweight read-only call that is safe to use as a health check.

For organization keys, submit a small async analysis request with a brandName. The request reserves credits using this formula:

credits = prompts × providers × locations × replicates

Common authentication errors

StatusCodeCause
401UNAUTHORIZEDThe key is missing, malformed, or has been revoked
403PROJECT_SCOPED_KEY_REQUIREDAn organization key was used on a project-scoped endpoint
403API_CREDITS_EXCEEDEDThe organization does not have enough prepaid API credits
403FORBIDDENThe key is valid but the action is blocked by plan constraints

If you receive a 401, verify that your Authorization header is formatted correctly and that the key has not been revoked in the dashboard. For 403 errors, check your current plan limits in the dashboard settings.