Authentication
How to authenticate with the WriftAI API using Access Tokens
WriftAI's API uses Access Tokens for authentication.
Create an Access Token
Access Tokens can be created and revoked from the Access Tokens page in your dashboard.
Access Tokens should be kept secret! Do not share them or expose them in client-side code (browsers, apps). Tokens should be securely stored and loaded from environment variables or a secret manager.
Most API endpoints require an Access Token to authenticate. Include your Access Token in the Authorization HTTP header using the Bearer scheme:
Authorization: Bearer WRIFTAI_ACCESS_TOKENSome endpoints are public, and do not require authentication, but using an Access Token with these endpoints may give you higher rate limits. For details, see the Rate Limits documentation.
Example Request
First, create an Access Token and set it as an environment variable:
export WRIFTAI_ACCESS_TOKEN=your_access_tokenThen include the token in the Authorization header when making requests:
curl "https://api.wrift.ai/v1/models/deepseek-ai/deepseek-r1/predictions" \
-H "Authorization: Bearer $WRIFTAI_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"input": {
"prompt": "Summarize quantum computing in one simple sentence."
}
}'Authentication with Official Clients
See the reference for each WriftAI client to learn how to make authenticated requests with it.
Best Practices
- Store your Access Tokens securely and do not check them into source control.
- Use different tokens for different environments (development, staging, production).
- If a token leaks, immediately revoke it from the dashboard.