Authentication

Secure access

Authentication

Use Omixa API keys as Bearer tokens, keep them server-side, scope them to allowed models, and rotate them whenever access changes.

API keys

Developer keys start with the Omixa prefix and are displayed only once. Store the value in your secret manager and never ship it to a browser or mobile client.

  • Create keys from Dashboard -> API Keys.
  • Use separate keys for production, staging, and tests.
  • Revoke keys immediately when a deployment, employee, or vendor no longer needs access.

Authorization header

Every API request must include the Bearer token.

Example
Authorization: Bearer omx_live_your_key
Content-Type: application/json

Model restrictions

If a key is restricted to specific models, Omixa rejects all other models before wallet reservation. This lets teams safely expose limited capabilities to applications or customers.

Copied Markdown