Authentication
The FloImg API uses API keys for authentication. Each request must include your API key in the Authorization header.
Getting Your API Key
Section titled “Getting Your API Key”- Log in to FloImg Studio Cloud
- Go to Settings → API Keys
- Click Create API Key
- Copy and securely store your key (it won’t be shown again)
Using Your API Key
Section titled “Using Your API Key”Include your API key in the Authorization header with the Bearer scheme:
curl https://api.floimg.com/v1/workflows \ -H "Authorization: Bearer fsk_live_abc123xyz789..."API Key Format
Section titled “API Key Format”FloImg API keys follow this format:
| Prefix | Environment | Example |
|---|---|---|
fsk_live_ | Production | fsk_live_abc123xyz789... |
fsk_test_ | Test/Sandbox | fsk_test_def456uvw012... |
Test keys are rate-limited and don’t consume your plan quota. Use them for development.
Environment Variables
Section titled “Environment Variables”We recommend storing your API key in environment variables:
FLOIMG_API_KEY=fsk_live_abc123xyz789...Then in your code:
const apiKey = process.env.FLOIMG_API_KEY;Key Permissions
Section titled “Key Permissions”When creating an API key, you can scope its permissions:
| Permission | Description |
|---|---|
workflows:read | List and get workflow details |
workflows:execute | Execute workflows |
storage:read | List and download images |
storage:write | Upload and delete images |
all | Full access (default) |
Revoking Keys
Section titled “Revoking Keys”To revoke an API key:
- Go to Settings → API Keys
- Find the key to revoke
- Click Revoke
Revoked keys immediately stop working. There’s no undo.
Error Responses
Section titled “Error Responses”Authentication errors return 401 Unauthorized:
{ "error": { "code": "unauthorized", "message": "Invalid or missing API key" }}Common causes:
- Missing
Authorizationheader - Invalid or revoked API key
- Using a test key in production (or vice versa)
Security Best Practices
Section titled “Security Best Practices”- Never expose keys client-side - API calls should go through your backend
- Rotate keys periodically - Create new keys and revoke old ones
- Use least privilege - Create keys with only the permissions needed
- Monitor usage - Check your dashboard for unexpected activity
- Use test keys for development - Avoid accidental production usage