Skip to main content

API keys

You need an API key to call any endpoint at https://api.ecohash.com. Keys are scoped to your account — every call made with a key bills against your account's credit balance.

Create a key

  1. In the console, go to API Keys in the sidebar.
  2. Click Create new key.
  3. Give it a name (e.g. "local dev", "production backend", "data pipeline") and optionally a source tag for billing analytics.
  4. Click Create.
  5. Copy the key immediately. It starts with eco_ and is shown only once. If you lose it, you'll need to revoke it and create a new one.

Use a key

Pass the key in the Authorization header as a bearer token:

curl https://api.ecohash.com/v1/chat/completions \
  -H "Authorization: Bearer eco_YOUR_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "meta-llama/Llama-3.1-8B-Instruct",
    "messages": [{"role": "user", "content": "Say hello"}]
  }'

The same key works for every endpoint: /v1/chat/completions, /v1/embeddings, /v1/images/generations, /v1/audio/speech, /v1/audio/transcriptions, /v1/video/generations, /v1/rerank.

Use a key with OpenAI SDKs

Since the API is OpenAI-compatible, point any OpenAI SDK at EcoLink by changing the base URL:

from openai import OpenAI
client = OpenAI(
    api_key="eco_YOUR_KEY_HERE",
    base_url="https://api.ecohash.com/v1",
)
resp = client.chat.completions.create(
    model="meta-llama/Llama-3.1-8B-Instruct",
    messages=[{"role": "user", "content": "Say hello"}],
)
print(resp.choices[0].message.content)
import OpenAI from "openai";
const client = new OpenAI({
  apiKey: "eco_YOUR_KEY_HERE",
  baseURL: "https://api.ecohash.com/v1",
});
const resp = await client.chat.completions.create({
  model: "meta-llama/Llama-3.1-8B-Instruct",
  messages: [{ role: "user", content: "Say hello" }],
});
console.log(resp.choices[0].message.content);

Revoke a key

  1. API Keys in the sidebar.
  2. Click Revoke next to the key.
  3. Confirm.

A revoked key stops working immediately. Existing in-flight requests using that key finish; new requests get a 401 Unauthorized.

Good practices

  • One key per environment or service. If something leaks, revoke just that key without breaking other services.
  • Store keys in a secrets manager, not in source control. Set them as environment variables at runtime.
  • Rotate keys at least yearly — or whenever anyone who had access to the key leaves the team.
  • Use source tags in key creation to segment billing (Billing → Usage filters by source tag).

Multiple users, shared keys

API keys are account-scoped, not user-scoped. Any user with an owner role on the account can create and revoke keys. Team members share the same keys — the same account, the same balance. See Team & invites for the access model.