Authentication

Learn how to authenticate your requests to the UndetectedGPT API.

API Keys

All API requests require an API key for authentication. Keys are passed in the Authorization header as a Bearer token.

Authorization: Bearer ugpt_live_a1b2c3d4e5f6...

Keys are prefixed with ugpt_live_ and contain 48 cryptographically random hex characters. They are shown only once at creation.

Managing keys

You can create up to 5 active API keys from the API Keys page. Each key can be named (e.g. "Production", "Staging") and revoked independently.

Create

Generate a new key from the dashboard. Copy it immediately.

Revoke

Disable a key instantly. Revoked keys cannot be reactivated.

Rate limits

Each key has its own per-minute rate limit (default 10/min).

Billing

All keys share your account's word balance.

Security best practices

Never expose your API key in client-side code. Keys should only be used in server-side applications, backend services, or secure environments.

Use environment variables. Store your key as an environment variable (e.g. UGPT_API_KEY) rather than hardcoding it in your source code.

Rotate keys periodically. Create a new key and revoke the old one, and do so right away if you suspect the key has been compromised.

Use separate keys per environment. Create different keys for development, staging, and production.

If you believe your key has been compromised, revoke it immediately from the API Keys page and create a new one.
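The practices above can be enforced in code. The following is an added example, not part of the UndetectedGPT documentation or SDK: it loads the key from UGPT_API_KEY, checks it against the documented format (ugpt_live_ plus 48 hex characters), masks keys in log text, and scans file contents for hardcoded keys. The function names, the sample key and the sample files are constructed for illustration, and accepting uppercase hex is an assumption.

```python
import os
import re

# Key format as documented on this page: "ugpt_live_" + 48 hex characters.
# Accepting upper- and lowercase hex is an assumption; the page shows lowercase.
KEY_RE = re.compile(r"ugpt_live_[0-9a-fA-F]{48}")


def load_api_key(env=os.environ, var="UGPT_API_KEY"):
    """Read the key from the environment and reject malformed values early."""
    key = env.get(var, "").strip()
    if not KEY_RE.fullmatch(key):
        raise ValueError(f"{var} is missing or not a ugpt_live_ key")
    return key


def auth_header(key):
    """Build the Authorization header in the Bearer form the API expects."""
    return {"Authorization": f"Bearer {key}"}


def redact(text):
    """Mask any key in text bound for logs; keep the last 4 characters to tell keys apart."""
    return KEY_RE.sub(lambda m: "ugpt_live_" + "*" * 44 + m.group()[-4:], text)


def find_hardcoded_keys(files):
    """Return (path, line_number) for every line that contains a key literal."""
    hits = []
    for path, content in files.items():
        for lineno, line in enumerate(content.splitlines(), start=1):
            if KEY_RE.search(line):
                hits.append((path, lineno))
    return hits


# Constructed sample data: a fake key and two in-memory "files".
SAMPLE_KEY = "ugpt_live_" + "0123456789abcdef" * 3
SAMPLE_FILES = {
    "app/client.js": f'const key = "{SAMPLE_KEY}";\nfetch(url);\n',
    "server/config.py": 'import os\nKEY = os.environ["UGPT_API_KEY"]\n',
}

if __name__ == "__main__":
    print(find_hardcoded_keys(SAMPLE_FILES))
    print(redact(f"sending Authorization: Bearer {SAMPLE_KEY}"))
```

A scan like find_hardcoded_keys fits in a pre-commit hook or CI step, so a key pasted into client-side code is caught before it is published.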

Authentication errors

If authentication fails, the API returns a 401 status code.

{
  "error": "Invalid or revoked API key."
}

Missing header

No Authorization header provided

Bad format

Header doesn't start with "Bearer ugpt_live_"

Invalid key

Key not found or has been revoked

Too many failures

5+ failed auth attempts from same IP within 60 seconds
