Skip to main content

API Key Authentication

AGCloud API uses Bearer token authentication. All API requests must include your API key in the Authorization header.

Get Your API Key

  1. Sign up for a AGCloud account at Dashboard
  2. Navigate to the API Keys section in your Dashboard
  3. Generate a new API key
  4. Copy and securely store your API key
Keep Your API Key Secure
  • Never commit API keys to version control
  • Don’t share your API key publicly
  • Use environment variables to store keys
  • Rotate keys regularly for enhanced security

Making Authenticated Requests

Include your API key in the Authorization header with the Bearer prefix: 
curl https://aiandgpu.com/v1/messages \
  -H "Authorization: Bearer <YOUR_API_KEY>" \
  -H "Content-Type: application/json" \
  -d '{
   "model": "claude-haiku-4-5-20251001",
    "messages": [
        {
            "role":"user",
            "content": [{"type":"text","text": "Hello!"}]
        }
    ]
  }'

Envitonment Variables

Store your API key in environment variables instead of hardcoding it: 
export AGCLOUD_API_KEY="<YOUR_API_KEY>"

Using .env Files

For local development, use a .env file: 
# Install python-dotenv
from dotenv import load_dotenv
import os

load_dotenv()
api_key = os.getenv("AGCLOUD_API_KEY")
Important! Remember add .env to your .gitignore file to prevent accidentally committing secrets.

Authentication Errors

Common Error Responses(Claude Code)

400 Invalid Request
error
The request body is malformed or contains invalid parameters. Common causes include: missing required fields (e.g. model, messages, max_tokens), incorrect data types, invalid JSON syntax, or unsupported parameter values. Please review your request payload and ensure it conforms to the API specification.
{
    "type": "error",
    "error": {
      "type": "invalid_request_error",
      "message": "Invalid request error"
    }
}
401 Unauthorized
error
Authentication failed. This typically occurs when the API key is missing from the Authorization header, the key format is incorrect, or the key has been revoked or expired. Ensure your request includes a valid API key in the header as Authorization: <YOUR_API_KEY>.
{
    "type": "error",
    "error": {
      "type": "authentication_error",
      "message": "Authentication error"
    }
}
402 Insufficient Balance
error
Your account balance is not enough to process this request. API calls are charged based on token usage, and your current balance cannot cover the cost. Please top up your account at the Dashboard before continuing to use the service.
{
    "type": "error",
    "error": {
      "type": "insufficient_balance",
      "message": "Your current account balance is insufficient"
    }
}
403 Permission Denied
error
Your account has exceeded its allocated usage quota. This may be a daily, monthly, or total usage limit depending on your plan. Please check your current quota and usage in the Dashboard, or contact support to upgrade your plan.
{
    "type": "error",
    "error": {
      "type": "quota_exceeded",
      "message": "Quota exceeded"
    }
}
429 Too Many Requests
error
Too many requests in a short period of time. The API enforces rate limits to ensure fair usage and service stability. Please wait a moment and retry your request. We recommend implementing exponential backoff in your client to handle rate limiting gracefully.
{
    "type": "error",
    "error": {
      "type": "rate_limit_error",
      "message": "Rate limit exceeded"
    }
}
500 Internal Server Error
error
The server encountered an unexpected condition that prevented it from fulfilling the request. Please try again later or contact support if the problem persists.
{
    "type": "error",
    "error": {
      "type": "internal_server_error",
      "message": "Internal server error"
    }
}

Best Practices

Always store API keys in environment variables, never in your source code
Regularly rotate your API keys to minimize security risks. Generate new keys and update your applications before revoking old ones.
Use sepatate API Keys for development, staging, and production environments.
Regularly check your API usage in dashboard to detect any on rasks.
Implement client-side rate limiting to avoid hitting API rate limits

API Key Management

Generating New Keys

  1. Log in to your Dashboard
  2. Navigate to API Keys
  3. Click Generate New Key
  4. Give your key a descriptive name
  5. Copy the key immediately (you won’t be able to see it again)

Revoking Your API Keys

If you suspect your API key has been compromised:
  1. Go to your Dashboard
  2. Find the compromised key in the API Keys section
  3. Click Revoke
  4. Generate a new key and update your applications
Set up key expiration policies to automatically rotate keys after a specified period.

Customer Support

If you’re experiencing authentication issues:
  • Check that your API key is correctly formatted
  • Verify your key hasn’t been revoked
  • Ensure you’re using the correct API endpoint
  • Contact [info@thousandcloud.com]for help