UnifAPI Docs

Authentication

API keys, headers, and rotation.

All requests authenticate with a single bearer token.

Authorization: Bearer $UNIFAPI_KEY

API keys

  • Keys are workspace-scoped — every team member sees the same usage and billing.
  • Rotate any key from the dashboard. Old keys keep working for 24 hours after rotation, then return 401.
  • Keys never expire on their own. Rotate them if you suspect a leak.

The gateway forwards your key verbatim as the upstream provider's bearer token, so the same key is what authorizes both UnifAPI and the underlying API.

Never commit a live key. UnifAPI scans public GitHub for leaked keys and revokes them automatically — but you'll have downtime.

Errors

A 401 means the key is missing, malformed, or rejected by the upstream:

{
  "error": {
    "type": "unauthorized",
    "message": "Upstream rejected the API token",
    "request_id": "tikhub-..."
  }
}

See Errors for the full vocabulary.
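A client-side sketch of the rules above, added here as an example and not taken from UnifAPI's own code: it builds the bearer header from the UNIFAPI_KEY environment variable, and turns a 401 body of the shape shown above into a triage record that is safe to log. The function names, the replaced_at parameter (when you rotated this key out, as recorded by you) and the sample values in the comments are assumptions.

```python
import hashlib
import json
import os
from datetime import datetime, timedelta, timezone

GRACE = timedelta(hours=24)  # per the page: old keys keep working 24 hours after rotation


def auth_headers(env=os.environ):
    """Build the Authorization header from UNIFAPI_KEY instead of hard-coding the key."""
    key = env.get("UNIFAPI_KEY", "")
    # Empty values, whitespace and control characters would corrupt or split the header.
    if not key or any(c.isspace() or ord(c) < 0x20 for c in key):
        raise ValueError("UNIFAPI_KEY is missing or malformed")
    return {"Authorization": f"Bearer {key}"}


def fingerprint(key):
    """Short SHA-256 prefix to log in place of the key itself."""
    return hashlib.sha256(key.encode()).hexdigest()[:12]


def describe_401(status, body, key, replaced_at=None, now=None):
    """Summarize a 401 response without ever including the key in the result."""
    if status != 401:
        return None
    try:
        err = json.loads(body)["error"]
    except (ValueError, KeyError, TypeError):
        err = {}
    if not isinstance(err, dict):
        err = {}
    now = now or datetime.now(timezone.utc)
    # Assumption: replaced_at is set only when this key is one you already rotated out.
    expired = replaced_at is not None and now >= replaced_at + GRACE
    return {
        "type": err.get("type"),
        "message": err.get("message"),
        "request_id": err.get("request_id"),
        "key_fingerprint": fingerprint(key),
        "old_key_expired": expired,
    }
```

Quote the request_id and the key fingerprint when reporting a 401; neither reveals the key.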

OAuth 2.0 (roadmap)

OAuth is on the roadmap. See /.well-known/oauth-protected-resource for the current state of the discovery endpoint.
