Authentication
All requests to the OpenTyphoon.ai API require authentication. This page explains how to obtain an API key, securely use it in your applications, and manage your API keys.
Getting an API Key
To obtain an API key:
- Sign up for an account at OpenTyphoon.ai
- Log in to your account
- Navigate to the API Keys section in your dashboard
- Click “Create new API key”
- Give your API key a descriptive name (e.g., “Development”, “Production”, etc.)
- Copy your API key and store it securely - it won’t be shown again!
Using Your API Key
To authenticate your API requests, include your API key in the Authorization header using the Bearer token scheme:
Authorization: Bearer <YOUR_API_KEY>Example with cURL
curl --location 'https://api.opentyphoon.ai/v1/chat/completions' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer <YOUR_API_KEY>' \ --data '{ "model": "typhoon-v2-70b-instruct", "messages": [{"role": "user", "content": "Hello"}] }'Example with Python
from openai import OpenAI
client = OpenAI( api_key="<YOUR_API_KEY>", base_url="https://api.opentyphoon.ai/v1")
response = client.chat.completions.create( model="typhoon-v2-70b-instruct", messages=[{"role": "user", "content": "Hello"}])Example with JavaScript
import OpenAI from 'openai';
const openai = new OpenAI({ apiKey: '<YOUR_API_KEY>', baseURL: 'https://api.opentyphoon.ai/v1',});
async function callAPI() { const response = await openai.chat.completions.create({ model: 'typhoon-v2-70b-instruct', messages: [{ role: 'user', content: 'Hello' }], }); console.log(response.choices[0].message.content);}API Key Security Best Practices
To keep your API key secure:
-
Never expose your API key in client-side code - API keys should only be used in server-side code where end users cannot access them.
-
Use environment variables - Store your API key as an environment variable instead of hardcoding it in your application.
# Python exampleimport osfrom openai import OpenAIclient = OpenAI(api_key=os.environ.get("OPENTYPHOON_API_KEY"),base_url="https://api.opentyphoon.ai/v1") -
Restrict API key permissions - Create API keys with the minimum permissions necessary for your application.
-
Rotate API keys periodically - Regularly generate new API keys and retire old ones to limit the impact of key exposure.
-
Use secrets management services - For production applications, use services like AWS Secrets Manager, Google Secret Manager, or Azure Key Vault to store and manage your API keys.
-
Monitor API key usage - Regularly check your usage dashboard to detect any unusual activity that might indicate a compromised key.
Implementing Authentication in Different Environments
Backend Web Applications
For web applications, store your API key securely on your server and make API calls from your backend:
// Node.js Express exampleconst express = require('express');const { OpenAI } = require('openai');require('dotenv').config();
const app = express();app.use(express.json());
const openai = new OpenAI({ apiKey: process.env.OPENTYPHOON_API_KEY, baseURL: 'https://api.opentyphoon.ai/v1',});
app.post('/api/chat', async (req, res) => { try { const response = await openai.chat.completions.create({ model: 'typhoon-v2-70b-instruct', messages: req.body.messages, }); res.json({ response: response.choices[0].message.content }); } catch (error) { res.status(500).json({ error: error.message }); }});
app.listen(3000, () => { console.log('Server running on port 3000');});Mobile Applications
For mobile applications, never include API keys directly in your app. Instead, set up a backend service that handles API calls:
// Swift example for iOSfunc callChatAPI(message: String, completion: @escaping (Result<String, Error>) -> Void) { // Make a request to your backend, not directly to OpenTyphoon.ai guard let url = URL(string: "https://your-backend.com/api/chat") else { completion(.failure(NSError(domain: "Invalid URL", code: 0))) return }
var request = URLRequest(url: url) request.httpMethod = "POST" request.addValue("application/json", forHTTPHeaderField: "Content-Type")
let body: [String: Any] = [ "message": message ]
request.httpBody = try? JSONSerialization.data(withJSONObject: body)
URLSession.shared.dataTask(with: request) { data, response, error in if let error = error { completion(.failure(error)) return }
guard let data = data else { completion(.failure(NSError(domain: "No data received", code: 0))) return }
do { if let json = try JSONSerialization.jsonObject(with: data) as? [String: Any], let response = json["response"] as? String { completion(.success(response)) } else { completion(.failure(NSError(domain: "Invalid response format", code: 0))) } } catch { completion(.failure(error)) } }.resume()}Error Handling
If you encounter authentication errors, check the HTTP status code and error message:
- 401 Unauthorized: Your API key is invalid or has been revoked
- 403 Forbidden: Your API key does not have permission to access the requested resource
Example error response:
{ "error": { "message": "Invalid API key provided", "type": "authentication_error", "param": null, "code": "invalid_api_key" }}API Key Management
You can manage your API keys through the OpenTyphoon.ai dashboard:
- Create new keys: Generate additional API keys for different applications or environments
- Rename keys: Give your keys descriptive names to remember their purpose
- Delete keys: Permanently remove API keys that are no longer needed
- View usage: See how each API key is being used across your applications
Getting Help
If you’re experiencing authentication issues with the OpenTyphoon.ai API, please contact our support team at contact@opentyphoon.ai or join our Discord community for assistance.