CanalAPI
Developer Guide

Authentication

How to authenticate requests to CanalAPI.

Every CanalAPI request is authenticated via an API key sent in the Authorization header using the Bearer scheme:

Authorization: Bearer sk-...

Where to get a key

See API Keys for the console workflow. Keys are issued in the format sk-....

Including the key

HTTP

POST /v1/chat/completions HTTP/1.1
Host: api.canalapi.com
Authorization: Bearer sk-your-key
Content-Type: application/json

OpenAI SDKs

The official OpenAI SDKs accept a custom baseURL and apiKey. CanalAPI is wire-compatible, so the same client works:

import OpenAI from 'openai';

const client = new OpenAI({
  apiKey: process.env.CANALAPI_API_KEY,
  baseURL: 'https://api.canalapi.com/v1',
});

Key scopes and limits

Limits applied to a key (rate limits, allowed models, per-key quotas) are configured from the console. See Rate Limits.

Failure modes

  • 401 Unauthorized — key missing, malformed, or revoked.
  • 403 Forbidden — key is valid but not allowed to access the requested resource.
  • 429 Too Many Requests — rate limit or quota exceeded.

See Errors for the full error model.

Operational notes

  • Never commit a key to source control.
  • Never embed a key in browser JavaScript or in a mobile app. Use a server-side proxy.
  • Rotate keys when team members leave or when you suspect leakage.

Developer Guide

Authentication, models, errors, rate limits, and streaming for CanalAPI.

Quickstart

A 5-minute, copy-pasteable integration with CanalAPI.

On this page

Where to get a keyIncluding the keyHTTPOpenAI SDKsKey scopes and limitsFailure modesOperational notes