Skip to main content
Every request to the Tuteliq API must include a valid API key. You can create and manage keys from the Tuteliq Dashboard.

Authentication methods

Tuteliq supports two ways to pass your API key. Both are equivalent; use whichever fits your stack.

Bearer token

Pass the key in the Authorization header: 
curl https://api.tuteliq.ai/v1/safety/detect-unsafe \
  -H "Authorization: Bearer YOUR_API_KEY"

x-api-key header

Pass the key in a dedicated header: 
curl https://api.tuteliq.ai/v1/safety/detect-unsafe \
  -H "x-api-key: YOUR_API_KEY"
If both headers are present, Authorization: Bearer takes precedence.

SDK authentication

import { Tuteliq } from "@tuteliq/sdk";

const tuteliq = new Tuteliq({
  apiKey: process.env.TUTELIQ_API_KEY,
});
Never hard-code API keys in source code. Use environment variables or a secrets manager.

Environments and tiers

Each API key is scoped to an environment. The environment determines which rate-limit tier applies:
EnvironmentTierRate limit
productionPremium1,000 req/min
stagingBasic300 req/min
developmentFree60 req/min
You select the environment when creating a key in the dashboard. Keys cannot be moved between environments after creation.

Security

  • API keys are hashed with SHA-256 before being stored. Tuteliq never retains your plaintext key.
  • Keys are shown only once at creation time. If you lose a key, revoke it and create a new one.
  • Each request updates the key’s last_used_at timestamp and increments its requests_count, both visible in the dashboard.
If you suspect a key has been compromised, revoke it immediately from the Dashboard and generate a replacement.