Every request to the Huzz API is authenticated with a Bearer token in the Authorization header:
Authorization: Bearer $HUZZ_API_KEY
Sign up at huzz.ai/register, then request a key from the Huzz team at support@huzz.ai — during early access, keys are issued by the team, with self-serve key management on the way. Keys are shared once at issuance — store them immediately in a secret manager or environment variable.

Example

curl https://api.huzz.ai/v1/chat/completions \
  -H "Authorization: Bearer $HUZZ_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o",
    "messages": [{"role": "user", "content": "Ping"}]
  }'
The same header works on every Huzz endpoint, including the async prediction routes under /api/v3/.

Key safety

Your API key is a live credential for your account and billing. Treat it like a password.
  • Server-side only. Never ship a key in browser JavaScript, mobile apps, or anything a user can inspect. Proxy model calls through your own backend.
  • Keep keys out of source control. Load HUZZ_API_KEY from environment variables or a secret manager, never from committed config files.
  • One key per environment. Use separate keys for development, staging, and production so a leak in one place never affects the others.
  • Rotate on suspicion. If a key may have leaked, contact the Huzz team to revoke it and issue a new one — revoked keys stop working immediately.

Failed authentication

Requests with a missing, malformed, expired, or revoked key return 401 Unauthorized with a standard error body. A 401 is never worth retrying with the same key — fix the credential first.