Authenticate with an API key

Every request to PlainField is authenticated with an API key. This guide shows how to create a key, send it with your requests, and manage keys over time.

1. Create a key

In the dashboard, open Keys → API Keys and select Create key. Give it a descriptive name (for example, production or staging) and select Generate.

The full key — in the form pt_live_... — is shown once. Copy it immediately and store it in a secret manager or environment variable. PlainField stores only a hash of the key, so it cannot be shown again. If you lose it, revoke it and create a new one.

2. Send the key

Include the key as a bearer token on every request.

curl -X POST https://api.plainfield-ai.com/ai/chat/completions \
  -H 'Authorization: Bearer pt_live_...' \
  -H 'Content-Type: application/json' \
  -d '{
    "model": "openai/gpt-4o-mini",
    "messages": [{"role": "user", "content": "Hello!"}]
  }'

With the OpenAI SDK, pass the key as apiKey:

const client = new OpenAI({
  baseURL: 'https://api.plainfield-ai.com/ai',
  apiKey: process.env.PLAINFIELD_API_KEY
})

The same key also authenticates the REST API (/api/logs, /api/costs). See Read your logs and costs.

3. Manage keys

Back in Keys → API Keys, each key shows its name, prefix, creation date, and last-used date.

• Revoke a key to disable it immediately. Requests using it start returning 401.
• Create separate keys per environment or service so you can revoke one without affecting the others.

Best practices

• Never commit a key to source control or expose it in client-side code. Treat it like a password.
• Use one key per application or environment.
• Rotate keys periodically: create a new one, switch your app over, then revoke the old one.

Common errors

Next steps

• Send your first authenticated request: Quickstart
• Read usage with the same key: Read your logs and costs