Get started
Authentication
Every Kiara API request carries an Authorization: Bearer … header. Keys are minted in the dashboard and never re-shown after creation.
Key shape
Bearer tokens
Live keys have the shape kiara_live_… and count against your balance. Sandbox keys have the shape kiara_test_… and run free, never charging credits. New accounts start with a zero balance — top up credits with crypto before running live generations.
Where to put it
Server-side only
Customer backends only. Never ship a Kiara key inside a browser bundle or a mobile app binary. Origin and IP restrictions below are defense in depth, not a substitute.
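One way to enforce the server-side-only rule in CI is to scan the built client output for Kiara key prefixes before it is published. This is an added example, not Kiara's own tooling; the function names, the constructed sample keys, and the character set assumed after the kiara_live_ / kiara_test_ prefix are assumptions.

```python
import re
import sys
import tempfile
from pathlib import Path

# Prefixes are from the docs; the characters after the prefix are an
# assumption, since the docs only show "kiara_live_…".
KEY_RE = re.compile(rb"kiara_(live|test)_[A-Za-z0-9_-]{8,}")


def scan_artifacts(root):
    """Return (relative_path, line, kind, redacted_key) for each key found."""
    root = Path(root)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        data = path.read_bytes()
        for m in KEY_RE.finditer(data):
            line = data.count(b"\n", 0, m.start()) + 1
            kind = m.group(1).decode()
            # Log only the prefix and last 4 characters, never the full key.
            redacted = f"kiara_{kind}_...{m.group(0)[-4:].decode()}"
            findings.append((path.relative_to(root).as_posix(), line, kind, redacted))
    return findings


def demo():
    """Scan a constructed build directory: bundle and source map leak keys."""
    with tempfile.TemporaryDirectory() as tmp:
        dist = Path(tmp)
        (dist / "assets").mkdir()
        (dist / "index.html").write_text("<script src=assets/app.js></script>\n")
        (dist / "assets" / "app.js").write_text(
            "const a=1;\n"
            'fetch(u,{headers:{Authorization:"Bearer kiara_live_CONSTRUCTEDexample0001"}});\n'
        )
        (dist / "assets" / "app.js.map").write_text(
            '{"sourcesContent":["const k=\'kiara_test_CONSTRUCTEDexample0002\'"]}\n'
        )
        return scan_artifacts(dist)


if __name__ == "__main__":
    hits = scan_artifacts(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for path, line, kind, redacted in hits:
        print(f"{path}:{line}: {kind} key {redacted}")
    sys.exit(1 if hits else 0)
```

Run it against the build output directory as a pipeline step; a non-zero exit fails the build. Any key it finds has already been exposed to the build system, so rotate it as described under Rotation.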
Defense in depth
Allowed origins & IPs
Each key supports an allowed-origin list and an allowed-IP list. Set them in /dashboard/keys. A request from an unlisted origin receives 403 origin_not_allowed; an unlisted IP receives 403 ip_not_allowed.
Rotation
Rotate keys
Create the new key, deploy it everywhere, then revoke the old one. Revoked keys return 401 authentication_failed immediately — there is no grace period.