Overview

The Cloro API uses Bearer token authentication to secure API endpoints. You’ll need to include your API key in the Authorization header of every request.

Getting Your API Key

To get your API key, please contact us at [email protected]. We’ll set up your account and provide you with your API key. Once you receive your API key:
  1. Store your API key securely - keep it confidential
  2. Never expose your API key in client-side code or public repositories
Never expose your API key in client-side code, public repositories, or share it with unauthorized users.

Using Your API Key

Include your API key in the Authorization header with the Bearer prefix: 
Authorization: Bearer YOUR_API_KEY

Example Requests

curl -X POST https://api.cloro.com/v1/run \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"prompt": "Your prompt here", "model": "CHATGPT"}'

Authentication Errors

If authentication fails, you’ll receive a 401 Unauthorized response: 
{
  "success": false,
  "error": "Invalid or missing API key"
}
Common authentication issues:
  • Missing Bearer prefix: Make sure to include Bearer before your API key
  • Invalid API key: Check that you’re using the correct API key
  • Expired API key: Some API keys may have expiration dates
  • Rate limit exceeded: You’ve exceeded your plan’s rate limit

Security Best Practices

Do’s

  • ✅ Store API keys in environment variables
  • ✅ Use server-side code to make API requests
  • ✅ Rotate API keys regularly
  • ✅ Use different API keys for different environments (dev, staging, production)

Don’ts

  • ❌ Never commit API keys to version control
  • ❌ Don’t expose API keys in client-side JavaScript
  • ❌ Avoid sharing API keys via email or chat
  • ❌ Don’t log API keys in production logs

Environment Variables

We recommend storing your API key in environment variables: 
CLORO_API_KEY=your_api_key_here

API Key Management

Regenerating Keys

If you suspect your API key has been compromised:
  1. Contact us immediately at [email protected]
  2. We’ll revoke the compromised key
  3. We’ll generate a new API key for you
  4. Update your applications with the new key

Multiple API Keys

You can create multiple API keys for different purposes:
  • Production: For your live application
  • Development: For local development and testing
  • CI/CD: For automated testing and deployment
  • Team members: Individual keys for team access

Need Help?

If you’re having trouble with authentication: