🔨 In Development — This section is still being developed and may change.
Freddy API supports two authentication methods: API keys and Bearer tokens. Both methods provide secure access to the API endpoints.
API keys are the primary authentication method for Freddy API. They provide simple, long-lived access to your account.
- Visit Freddy Hub
- Sign in to your account
- Navigate to API Keys section
- Generate a new API key
- Copy and store the key securely
Include the API key in the request header:
api-key: YOUR_API_KEY_HEREcurl https://api.freddy.aitronos.com/v1/models \
-H "api-key: $FREDDY_API_KEY"import requests
response = requests.get(
"https://api.freddy.aitronos.com/v1/models",
headers={"api-key": api_key}
)const response = await fetch('https://api.freddy.aitronos.com/v1/models', {
headers: {
'api-key': process.env.FREDDY_API_KEY
}
});Bearer tokens provide session-based authentication with automatic expiration and refresh capabilities.
Bearer tokens are obtained through the authentication endpoints:
- Use your API key credentials to authenticate
- Receive a JWT token in response
- Include the token in subsequent requests
Include the Bearer token in the Authorization header:
Authorization: Bearer YOUR_JWT_TOKEN_HEREcurl https://api.freddy.aitronos.com/v1/models \
-H "Authorization: Bearer $FREDDY_JWT_TOKEN"import requests
response = requests.get(
"https://api.freddy.aitronos.com/v1/models",
headers={"Authorization": f"Bearer {jwt_token}"}
)const response = await fetch('https://api.freddy.aitronos.com/v1/models', {
headers: {
'Authorization': `Bearer ${process.env.FREDDY_JWT_TOKEN}`
}
});- Environment Variables: Store API keys in environment variables, never in code
- Key Rotation: Regularly rotate your API keys for enhanced security
- Minimal Permissions: Create separate keys for different applications/use cases
- Secure Storage: Never commit API keys to version control
- Token Storage: Store tokens securely in memory or secure cookie storage
- Automatic Refresh: Implement automatic token refresh before expiration
- Secure Transmission: Always use HTTPS for API requests
- Token Revocation: Implement proper logout to invalidate tokens
- HTTPS Only: Always use HTTPS for all API requests
- Request Validation: Validate all input parameters on both client and server
- Rate Limiting: Implement client-side rate limiting to avoid hitting API limits
- Error Handling: Don't expose sensitive information in error messages
401 Unauthorized
- Missing authentication header
- Invalid or expired API key/token
- Account suspended or disabled
403 Forbidden
- Valid authentication but insufficient permissions
- API key doesn't have access to the requested resource
Authentication method may affect rate limits:
- API keys: Standard rate limits apply
- Bearer tokens: May have different limits based on account type
Check Rate Limiting for detailed information.
- "Invalid API key": Verify the key is correct and not expired
- "Missing authentication": Ensure you're including the proper header
- "Insufficient permissions": Check if your key has access to the endpoint
- "Account suspended": Contact support if your account is disabled
- Check your Freddy Hub dashboard for account status
- Review API key permissions and usage
- Contact support@aitronos.com for assistance