Authentication

Every call to the Norlen API is authenticated with an API key, sent in the Authorization header as a Bearer token.

Authorization: Bearer YOUR_API_KEY

The key identifies your account, applies your plan (allowed models, requests/min limit), and tracks usage. A call without a key — or with an invalid key — returns 401.

Where to get your key

In the dashboard (app.norlen.io), under Dashboard. The same key works for all endpoints (chat, embeddings, image).

Best practices

Your key is a credential

Anyone with the key consumes your plan and your balance. Treat it like a password.

• Never expose the key in the browser. Call the API from your backend; don’t embed the key in front-end code, mobile apps, or public repositories.
• Use environment variables, not hardcoded values in your code.
• Rotate the key if you suspect a leak — generate a new one in the dashboard and update your services.

curl

export NORLEN_API_KEY="sk-..."
curl https://api.norlen.io/v1/models \
  -H "Authorization: Bearer $NORLEN_API_KEY"

Python

import os
from openai import OpenAI

client = OpenAI(
    base_url="https://api.norlen.io/v1",
    api_key=os.environ["NORLEN_API_KEY"],
)

Node.js

import OpenAI from "openai";

const client = new OpenAI({
  baseURL: "https://api.norlen.io/v1",
  apiKey: process.env.NORLEN_API_KEY,
});

Authentication errors

Status	Meaning	What to do
401 Unauthorized	Key missing, invalid, or revoked	Check the Authorization header and generate a new key if needed
429 Too Many Requests	Plan’s requests/min limit reached	Reduce the rate or upgrade your plan — see Pricing & quotas

Note

The requests-per-minute limit (fair use) depends on your plan. Image generation uses the same key, but at a different base URL — see API overview.