Authentication
API keys and request identity.
lmchat uses bearer tokens for authentication. Keys are intended to be revocable and scoped. Treat them like passwords.
Bearer token
Authorization: Bearer LMCHAT_API_KEY
If your key is missing or invalid, you’ll receive an authentication error (401).
Recommended headers
Attribution headers
These headers help identify your integration and can improve support/analytics.
HTTP-Referer: https://yourapp.com
X-Title: YourAppName
Key hygiene
- Never ship keys to untrusted clients (mobile/desktop without protection).
- Rotate keys on suspicion of leakage.
- Use separate keys per environment (dev/staging/prod).
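A server-side sketch of the header and key-hygiene guidance above, added as an example and not taken from lmchat's own code. Assumptions: the endpoint URL is a placeholder (the page gives no base URL), and the per-environment variable names LMCHAT_API_KEY_DEV/STAGING/PROD are a hypothetical naming scheme.

```python
import os
import urllib.error
import urllib.request

# Assumption: placeholder endpoint; the page does not state the API base URL.
API_URL = "https://api.example.invalid/v1/chat"

class AuthError(Exception):
    """Key missing locally, or the API answered 401."""

def load_key(env, environ=os.environ):
    # Assumed naming scheme: one variable per environment (dev/staging/prod).
    name = f"LMCHAT_API_KEY_{env.upper()}"
    key = environ.get(name, "").strip()
    if not key:
        raise AuthError(f"{name} is not set")
    if any(ch.isspace() for ch in key):
        # Whitespace or CR/LF inside a key would corrupt or split the header.
        raise AuthError(f"{name} contains whitespace")
    return key

def build_request(env, body, environ=os.environ):
    req = urllib.request.Request(API_URL, data=body, method="POST")
    req.add_header("Authorization", f"Bearer {load_key(env, environ)}")
    # Attribution headers from the page, with its sample values.
    req.add_header("HTTP-Referer", "https://yourapp.com")
    req.add_header("X-Title", "YourAppName")
    return req

def loggable_headers(req):
    """Headers with the bearer token masked, safe to write to logs."""
    return {k.lower(): ("Bearer ***" if k.lower() == "authorization" else v)
            for k, v in req.header_items()}

def send(req, opener=urllib.request.urlopen):
    try:
        with opener(req, timeout=10) as resp:
            return resp.read()
    except urllib.error.HTTPError as err:
        if err.code == 401:
            # Do not retry with the same key: it is missing or invalid.
            raise AuthError("401 authentication error: check or rotate the key") from None
        raise
```

Log only the output of loggable_headers, never the request object itself, so a leaked log line does not force a key rotation.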