Authentication
All Lumen API requests authenticate via Bearer tokens in the Authorization header. Keys look like lumen_sk_... and are issued from your dashboard or at signup.
Header
Authorization: Bearer lumen_sk_YOUR_KEY_HERE
Issuing keys
You can have multiple keys per account — useful for separating dev/staging/production. From the dashboard, click + New key and label it.
curl -X POST https://lumen-api.eliteaiempire.com/v1/me/keys \
--cookie "lumen_session=YOUR_SESSION" \
-H "Content-Type: application/json" \
-d '{"label":"production"}'
The plaintext key is returned once — we only store its SHA-256 hash. Save it immediately.
Revoking keys
curl -X DELETE https://lumen-api.eliteaiempire.com/v1/me/keys/123 \
--cookie "lumen_session=YOUR_SESSION"
Revoked keys immediately stop authenticating (cache TTL: under a second).
Best practices
- Store keys in environment variables, never in source code
- Rotate keys quarterly
- Use one key per service so you can revoke surgically
- Set per-key budget caps (Pro+) to limit blast radius
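The first best practice above, as an added example (not Lumen's own tooling): `scan_for_keys` lists files that contain a hardcoded key, and `lumen_auth_header` builds the header from the environment and fails closed on a missing or malformed value. The variable name `LUMEN_API_KEY`, the key character set and the 20-character minimum are assumptions; the page shows only the `lumen_sk_` prefix.

```shell
#!/bin/sh
# Added example, not Lumen tooling. Assumptions: the key body is [A-Za-z0-9_-]
# and at least 20 characters long (the page shows only the lumen_sk_ prefix),
# and the key lives in an environment variable named LUMEN_API_KEY (hypothetical).
LUMEN_KEY_PATTERN='lumen_sk_[A-Za-z0-9_-]{20,}'

# List files under directory $1 that contain a key-like string, without echoing
# the key itself. Returns 1 if any were found, so it can gate a commit or CI job.
scan_for_keys() {
    scan_hits=$(grep -rlE -- "$LUMEN_KEY_PATTERN" "$1" 2>/dev/null || true)
    if [ -z "$scan_hits" ]; then
        return 0
    fi
    printf '%s\n' "$scan_hits" | sed 's/$/: possible hardcoded lumen_sk_ key/'
    return 1
}

# Print the Authorization header built from $LUMEN_API_KEY.
# Fails closed if the variable is unset, lacks the prefix, or carries stray
# characters (whitespace, quotes, newlines) that could corrupt or inject headers.
lumen_auth_header() {
    case ${LUMEN_API_KEY:-} in
        *[!A-Za-z0-9_-]*) ;;
        lumen_sk_?*)
            printf 'Authorization: Bearer %s\n' "$LUMEN_API_KEY"
            return 0 ;;
    esac
    echo 'LUMEN_API_KEY is unset or not a well-formed lumen_sk_ key' >&2
    return 1
}

# Usage (curl 7.55.0+ reads headers from stdin with -H @-, which keeps the key
# out of the process argument list):
#   lumen_auth_header | curl -H @- https://lumen-api.eliteaiempire.com/v1/usage
```

The placeholder `lumen_sk_YOUR_KEY_HERE` used in documentation is shorter than the assumed minimum, so it is not reported.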
What's authenticated by what
- /v1/chat/completions, /v1/audit/*, /v1/usage, /v1/feedback — customer API key
- /v1/me/* — session cookie (set by logging in)
- /v1/admin/* — admin key (not exposed to customers)