Authentication
Authenticate OpenToken API requests with a Bearer workspace key.
Every request to https://api.opentoken.kr/v1 requires a workspace API key sent as a Bearer token. Customer keys are prefixed with sk-optk- and are issued per workspace.
Authorization header
Send the key in the Authorization header on all /v1 endpoints, including POST /v1/chat/completions and GET /v1/models.
Authorization: Bearer sk-optk-...

curl https://api.opentoken.kr/v1/models \
  -H "Authorization: Bearer $OPENTOKEN_API_KEY"

Keep your key secret. Send it only from server-side code and never expose it in browsers, mobile clients, or committed source.
Errors
A missing, malformed, or invalid key returns 401 with type authentication_error. The response uses the standard OpenAI-compatible error envelope.
{
"error": {
"message": "invalid api key",
"type": "authentication_error",
"code": "invalid_key"
}
}

The code field distinguishes three cases: missing_auth (no or malformed Bearer header), invalid_key (unknown key), and expired_key (a key past its expires_at, message api key has expired), so callers can tell an expired key from a bad one.
A valid key with an exhausted balance returns 402 with code insufficient_credit (type invalid_request_error), and a key that exceeds its configured spend limit returns 429 spend_limit_exceeded. See the full list in Errors.
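
The following is an added example, not OpenToken's own code: a server-side client that reads the key from the environment, keeps it out of logs, and acts on the status and code pairs described above. The helper names (redact, auth_headers, classify) and the action strings are assumptions of this example, as is reading spend_limit_exceeded as the value of the code field.

```python
import json
import os

KEY_PREFIX = "sk-optk-"  # customer key prefix stated on the page

# Error envelope shown on the page, reused here as sample input.
SAMPLE_401 = ('{"error": {"message": "invalid api key", '
              '"type": "authentication_error", "code": "invalid_key"}}')

# (HTTP status, error code) pairs documented on the page, mapped to an action.
# The action names are this example's own, not part of the API.
ACTIONS = {
    (401, "missing_auth"): "fix_header",
    (401, "invalid_key"): "replace_key",
    (401, "expired_key"): "rotate_key",
    (402, "insufficient_credit"): "top_up",
    (429, "spend_limit_exceeded"): "raise_limit_or_wait",
}

def redact(key):
    """Return a log-safe form of the key: prefix plus the last 4 characters."""
    if not key.startswith(KEY_PREFIX) or len(key) < len(KEY_PREFIX) + 8:
        return "<redacted>"  # too short or unexpected shape: reveal nothing
    return f"{KEY_PREFIX}...{key[-4:]}"

def auth_headers(env=os.environ):
    """Build the Authorization header from the server-side environment."""
    key = env.get("OPENTOKEN_API_KEY", "").strip()
    if not key.startswith(KEY_PREFIX):
        # Fail before any request is sent, without echoing the value.
        raise ValueError("OPENTOKEN_API_KEY is unset or lacks the sk-optk- prefix")
    return {"Authorization": f"Bearer {key}"}

def classify(status, body):
    """Map an error response (HTTP status and raw body) to an action."""
    try:
        code = json.loads(body)["error"]["code"]
        # Status and code must both match a documented pair.
        return ACTIONS.get((status, code), "unknown")
    except (ValueError, KeyError, TypeError):
        # Not the documented envelope, e.g. an HTML page from a proxy.
        return "unknown"

if __name__ == "__main__":
    print(classify(401, SAMPLE_401))
    print(redact("sk-optk-abcdefgh1234"))  # constructed key, not a real one
```
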