Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.tokmodel.com/llms.txt

Use this file to discover all available pages before exploring further.

Every request to the TokModel API must include your API key in the Authorization header. TokModel uses the standard Bearer token scheme, which is the same format used by the OpenAI API — so if you’re migrating an existing integration, your authentication code works without modification. You can create and manage API keys from the TokModel console.

Passing your API key

Include your API key as a Bearer token in the Authorization header of every request: 
Authorization: Bearer YOUR_API_KEY
The following examples show how to authenticate a chat completions request across common clients. 
curl https://tokmodel.com/v1/chat/completions \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o-mini",
    "messages": [{"role": "user", "content": "Hello"}]
  }'
When using the OpenAI SDK, setting api_key (Python) or apiKey (Node.js) is all you need — the SDK formats and sends the Authorization header on your behalf.

Error responses

TokModel returns standard HTTP status codes when authentication fails.

401 Unauthorized

Returned when your API key is missing or invalid. Check that the Authorization header is present and that the key value is correct. 
{
  "error": {
    "message": "Invalid or missing API key.",
    "type": "authentication_error",
    "code": 401
  }
}

403 Forbidden

Returned when your API key is valid but your account does not have sufficient credits to complete the request. Top up your balance from the console to resume making requests. 
{
  "error": {
    "message": "Insufficient credits. Please top up your account balance.",
    "type": "authorization_error",
    "code": 403
  }
}

Managing API keys

You can create, rename, and revoke API keys at any time from the API keys page in your console. Revoking a key immediately invalidates it — any requests using that key will receive a 401 response.
Keep your API keys private. Do not include them in client-side code, public repositories, or logs. If a key is exposed, revoke it immediately and generate a new one from the console.