Huddle01 Cloud
API Keys

Create and manage API keys for programmatic access to the GPU API.

The API Keys API lets you create and manage authentication credentials for the GPU API. Every request to the API must include a valid API key. You receive your first key when you register, and can create additional keys for different applications or team members.

Base URL: https://gpu.huddleapis.com/api/v1

Authentication

Include your API key in every request using one of these methods:

# Option 1: X-API-Key header (recommended)
curl -H "X-API-Key: mk_your_key_here" \
  https://gpu.huddleapis.com/api/v1/billing/balance

# Option 2: Bearer token in Authorization header
curl -H "Authorization: Bearer mk_your_key_here" \
  https://gpu.huddleapis.com/api/v1/billing/balance

API keys use the mk_ prefix (e.g., mk_4929de1f505b514f84988e4992cd23da...).

Create a New Key

curl -X POST -H "X-API-Key: mk_your_key" \
  -H "Content-Type: application/json" \
  -d '{"name": "ci-pipeline"}' \
  https://gpu.huddleapis.com/api/v1/api-keys

Response:

{
  "code": "OK",
  "data": {
    "id": "ak_abc123",
    "name": "ci-pipeline",
    "prefix": "mk_4929de1f...",
    "secret": "mk_4929de1f505b514f84988e4992cd23da7e6a89d3fc3d96a6518b47b05da8f8df",
    "created_at": "2026-04-03T10:00:00Z"
  }
}

Save your secret immediately

The full API key secret is returned only once at creation time. It cannot be retrieved later. Store it securely — if you lose it, you'll need to create a new key.

List Your Keys

curl -H "X-API-Key: mk_your_key" \
  https://gpu.huddleapis.com/api/v1/api-keys

Response:

{
  "code": "OK",
  "data": [
    {
      "id": "ak_abc123",
      "name": "ci-pipeline",
      "prefix": "mk_4929de1f...",
      "created_at": "2026-04-03T10:00:00Z"
    }
  ]
}

Note: the full secret is never shown in list responses — only the prefix for identification.

Revoke a Key

curl -X DELETE -H "X-API-Key: mk_your_key" \
  https://gpu.huddleapis.com/api/v1/api-keys/ak_abc123

Revoking a key is permanent and immediate. Any requests using that key will receive 401 Unauthorized.

Security Best Practices

  • Never commit API keys to version control. Use environment variables or secret managers.
  • Use separate keys for different applications (e.g., one for CI/CD, one for local dev).
  • Revoke keys you no longer need or that may have been compromised.
  • Rotate keys periodically — create a new key, update your applications, then revoke the old one.
  • Never share keys in plain text over email, Slack, or other messaging platforms.
