Skip to main content

Authentication

All public developer endpoints in this docs set are protected by the same header-based API key.

Header format

x-api-key: YOUR_API_KEY

Where to create keys

Create and manage keys inside TFI Studio:
  • App: https://app.techforgeinnovate.com/
  • API access: https://app.techforgeinnovate.com/api-access

Base URL

https://api.techforgeinnovate.com

Example request

curl "https://api.techforgeinnovate.com/auth/credits" \
  -H "x-api-key: $TFI_API_KEY"

What the API key grants

  • Access to the API-key endpoints documented in this site
  • Project-scoped access to the account that owns the key
  • Job reads and writes only for jobs created under that account
  • Active-project discovery for branded workflows

Error behavior

  • Missing x-api-key: request is rejected as unauthorized
  • Invalid x-api-key: request is rejected as unauthorized
  • Valid key with wrong resource ID: endpoints usually return 404 Not Found or a { "message": "...not found" } payload, depending on the controller

Security guidance

  • Keep API keys server-side whenever possible
  • Rotate keys if they are exposed in logs, client bundles, or support transcripts
  • Treat signed output URLs as temporary delivery artifacts, not as permanent public links