Authentication

All API requests require authentication using an API key.

Using Your API Key

Include your API key in the X-API-Key header with every request:

bash

curl -X POST https://ogimageapi.io/api/generate \
  -H "X-API-Key: og_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"title": "Hello World"}'

API Key Format

API keys follow this format:

og_[32 random alphanumeric characters]

Example: og_aBcDeFgHiJkLmNoPqRsTuVwXyZ123456

Security Best Practices

WARNING

Never expose your API key in client-side code or public repositories.

Do's ✓

Store keys in environment variables
Use server-side code for API calls
Rotate keys if compromised

Don'ts ✗

Don't hardcode keys in source code
Don't commit keys to version control
Don't use keys in frontend JavaScript

Environment Variables

Store your API key securely:

bash

# .env file (never commit this!)
OG_IMAGE_API_KEY=og_your_api_key_here

Access in your code:

Node.js

javascript

const apiKey = process.env.OG_IMAGE_API_KEY;

Python

python

import os
api_key = os.environ.get('OG_IMAGE_API_KEY')

PHP

php

$apiKey = getenv('OG_IMAGE_API_KEY');

Error Responses

Status	Code	Description
401	`MISSING_API_KEY`	No API key provided
401	`INVALID_API_KEY`	API key not found
403	`SUBSCRIPTION_CANCELED`	Subscription inactive
403	`PAYMENT_PAST_DUE`	Payment failed

Example error response:

json

{
  "error": true,
  "message": "Missing API key. Include X-API-Key header.",
  "code": "MISSING_API_KEY"
}

Regenerating Your API Key

If your key is compromised:

Contact support immediately
We'll deactivate the old key
A new key will be issued

Note

Automatic key rotation is on our roadmap.

Authentication ​

Using Your API Key ​

API Key Format ​

Security Best Practices ​

Do's ✓ ​

Don'ts ✗ ​

Environment Variables ​

Node.js ​

Python ​

PHP ​

Error Responses ​

Regenerating Your API Key ​