API Keys
API keys are the simplest way to authenticate with Gumnut. They’re ideal for server-side applications, scripts, automation, and CI/CD pipelines.
Creating an API Key
- Log into the Gumnut Dashboard
- Navigate to API Keys
- Click Create API Key
- Name your key descriptively (e.g., “Production Server”, “Development”)
- Copy and securely store the key
API keys are shown only once when created. Store them securely in environment variables or a secrets manager. Never commit API keys to version control.
Using API Keys
Include your API key in the Authorization header as a Bearer token:
curl -X GET https://api.gumnut.ai/api/assets \
-H "Authorization: Bearer apikey_your_api_key_here"
TypeScript SDK
import Gumnut from 'gumnut-sdk';
const client = new Gumnut({
apiKey: process.env.GUMNUT_API_KEY
});
Python SDK
import os
from gumnut import Gumnut
client = Gumnut(
api_key=os.environ.get("GUMNUT_API_KEY")
)
Node.js with axios
import axios from 'axios';
const gumnutApi = axios.create({
baseURL: 'https://api.gumnut.ai',
headers: {
Authorization: `Bearer ${process.env.GUMNUT_API_KEY}`,
},
});
const { data } = await gumnutApi.get('/api/assets');
console.log(data);
Managing Keys
View and manage API keys in the dashboard:
- See creation date and last used time
- Track usage statistics
- Revoke keys instantly
Error Handling
401 Unauthorized — Invalid or expired API key:
{
"error": "unauthorized",
"message": "Invalid or expired token"
}
- Verify the key is copied correctly (should start with
apikey_)
- Check it hasn’t been revoked in the dashboard
- Ensure you’re using the correct environment’s key
403 Forbidden — Insufficient permissions:
{
"error": "forbidden",
"message": "Insufficient permissions for this operation"
}
