Every request to the Huzz API is authenticated with a Bearer token in the Authorization header:
Authorization: Bearer $HUZZ_API_KEY
Sign up at huzz.ai/register, then request a key from the Huzz team at support@huzz.ai — during early access, keys are issued by the team, with self-serve key management on the way. Keys are shared once at issuance — store them immediately in a secret manager or environment variable.
Example
curl https://api.huzz.ai/v1/chat/completions \
-H "Authorization: Bearer $HUZZ_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"model": "gpt-4o",
"messages": [{"role": "user", "content": "Ping"}]
}'
The same header works on every Huzz endpoint, including the async prediction routes under /api/v3/.
Key safety
Your API key is a live credential for your account and billing. Treat it like a password.
- Server-side only. Never ship a key in browser JavaScript, mobile apps, or anything a user can inspect. Proxy model calls through your own backend.
- Keep keys out of source control. Load
HUZZ_API_KEY from environment variables or a secret manager, never from committed config files.
- One key per environment. Use separate keys for development, staging, and production so a leak in one place never affects the others.
- Rotate on suspicion. If a key may have leaked, contact the Huzz team to revoke it and issue a new one — revoked keys stop working immediately.
Failed authentication
Requests with a missing, malformed, expired, or revoked key return 401 Unauthorized with a standard error body. A 401 is never worth retrying with the same key — fix the credential first.