Boundless API
  • Product
  • Models
  • Pricing
  • Status
  • Docs
EN中
Get $5 on signup

Authentication

Boundless API uses API keys passed as Bearer tokens.

On this page
  1. API Keys
  2. Multiple Keys
  3. Rotating Keys
  4. Key Compromise
  5. OAuth (Dashboard Only)
  6. Rate Limiting
  7. Related
Live model IDs

Copy exactly — case-sensitive, no spaces. Details →

  • claude-sonnet-4-6
  • claude-opus-4-8
  • claude-opus-4-7
  • claude-haiku-4-5-20251001
  • gpt-5.5
  • gpt-5.4
Full catalog →

Boundless API uses API keys passed as Bearer tokens.


API Keys

Creating Keys

Dashboard → API Keys → Create Key

  • Keys start with sk-
  • Shown once at creation — store securely
  • Name keys by environment: prod-app, dev-local

Using Keys

Authorization: Bearer sk-your-api-key-here

Never expose keys in:

  • Client-side JavaScript (browser)
  • Public GitHub repos
  • Mobile app binaries

Use a backend proxy for client-facing apps.


Multiple Keys

Create multiple keys per account:

Feature Description
Naming Identify purpose per key
Revocation Instant revoke without affecting other keys
Per-key spend limit Cap spend per key
Per-key model allowlist Restrict which models a key can call
Last used See last request timestamp

Rotating Keys

  1. Create new key
  2. Update your application config
  3. Verify traffic on new key
  4. Revoke old key

Zero-downtime rotation: run both keys briefly in parallel.


Key Compromise

If a key is leaked:

  1. Revoke immediately in Dashboard
  2. Create new key
  3. Review Activity log for unauthorized usage
  4. Email support@boundlessapi.com if fraudulent charges occurred

OAuth (Dashboard Only)

Google and GitHub OAuth are for dashboard login only, not API authentication.


Rate Limiting

Keys inherit account rate limits. See Rate Limits.


Related

  • Quickstart
  • API Reference
  • Data Policy

© 2026 Boundless API · Home · Privacy Policy · Terms