Skip to main content

API Keys

Egg API uses API keys for authentication. Each request must include your API key in the Authorization header.

Getting Your API Key

1

Sign up

Create an account at eggapi.ai
2

Go to Dashboard

Navigate to the API Keys section
3

Create a Key

Click “Create API Key” and give it a descriptive name
4

Copy and Store

Copy your key immediately - it won’t be shown again

Using Your API Key

Include your API key in the Authorization header with the Bearer prefix: 
curl https://api.eggapi.ai/v1/generate \
  -H "Authorization: Bearer egg_sk_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"model": "nanobanana", "prompt": "..."}'

Security Best Practices

Never expose your API key in client-side code, public repositories, or share it with others.

Do’s

  • Store API keys in environment variables
  • Use server-side code to make API calls
  • Rotate keys periodically
  • Create separate keys for different environments (dev, staging, prod)

Don’ts

  • Hardcode API keys in your source code
  • Commit API keys to version control
  • Share API keys in chat or email
  • Use the same key for all environments

Environment Variables

Store your API key in an environment variable:
.env
EGGAPI_API_KEY=egg_sk_your_api_key_here
Access it in your code: 
import os
import requests

api_key = os.environ.get("EGGAPI_API_KEY")

response = requests.post(
    "https://api.eggapi.ai/v1/generate",
    headers={"Authorization": f"Bearer {api_key}"},
    json={...}
)

Authentication Errors

If authentication fails, you’ll receive a 401 Unauthorized response: 
{
  "data": null,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or missing API key"
  }
}
Common causes:
  • Missing Authorization header
  • Missing Bearer prefix
  • Invalid or revoked API key
  • Typo in the API key

Managing API Keys

From your dashboard, you can:
  • Create new API keys
  • View existing keys (partial display only)
  • Revoke compromised keys
  • Track usage per key
If you suspect your API key has been compromised, revoke it immediately and create a new one.