TensorLoopAuthentication
Every TensorLoop request is authenticated with a bearer token. Keys are scoped to specific models, budgets, and rate limits — and they expire.
How auth works
All inference requests carry a bearer token in the Authorization header:
Authorization: Bearer sk-...Tokens are minted from the dashboard. There is no separate username/password flow for the inference API.
Key properties
Every key has:
| Property | Description |
|---|---|
| Alias | Short, human-readable name like my-laptop or prod-backend. Lowercase letters, numbers, dashes only. Used in the dashboard and analytics. |
| Models | An allowlist of model IDs this key can call. Requests for other models return 403. |
| Budget | USD ceiling that resets every 30 days. Calls past the budget return 429. |
| Rate limit | Max requests per minute. Bursts above the cap return 429. |
| Expiry | Date after which the key stops working. Default 90 days, max 365. |
Each key is scoped to your user account. Other users on TensorLoop can't see your keys, your aliases, or your spend.
Minting a key
- Go to the API keys page in the dashboard.
- Fill in Create key.
- Click Create API key.
- Copy the plaintext from the reveal dialog.
You will not see the plaintext again. If you lose it, revoke and mint a new one.
Listing keys
Key listing is dashboard-only. There is no programmatic endpoint that returns a user's keys — the dashboard authenticates with session cookies, not bearer tokens. See Dashboard walkthrough → Keys for what each column shows.
This is intentional: it keeps a leaked inference key from enumerating sibling keys on the same account.
Revoking a key
In the keys table, click the trash icon next to a key, type the alias to confirm, and click Revoke key. Revocation is immediate and permanent — any application using the key starts seeing 401 responses within seconds.
Revoke any key you suspect has leaked. There is no "rotate in place" — you mint a new key with a new plaintext value.
Plan limits
You can hold up to 2 keys on free and 10 on pro. Hitting the limit makes the next create call fail with plan_limit_keys. Revoke an unused key to make room, or upgrade.
See Rate limits & budgets for the budget and RPM caps per plan.