Getting started

Authentication

The Floo API authenticates requests with API keys sent as Bearer tokens. Every request must include the Authorization header.

Mint a key

Generate a key from /dashboard/settings/api-keys. Keys are scoped to a workspace and shown exactly once at creation - store them in a secrets manager.

Treat keys like passwords. Never commit them to source control, embed them in client-side JavaScript, or share them in support tickets. Rotate immediately if exposed.

Sending the header

Pass the key as Authorization: Bearer <key>. We accept it on every endpoint under /api/v1.

curlbash
curl https://flooai.com/api/v1/agents \
  -H "Authorization: Bearer flk_live_xxxxxxxxxxxxxxxx"
Node (fetch)ts
700 font-semibold">const res = 700 font-semibold">await fetch("https:700 font-semibold">class="text-gray-500 italic">//flooai.com/api/v1/agents", {
  headers: {
    Authorization: 700 font-semibold">class="text-emerald-700">`Bearer ${process.env.FLOO_API_KEY}`,
  },
});
700 font-semibold">const data = 700 font-semibold">await res.json();
Python (requests)py
700 font-semibold">import os
700 font-semibold">import requests

res = requests.get(
    "https://flooai.com/api/v1/agents",
    headers={"Authorization": f"Bearer {os.environ[700 font-semibold">class="text-emerald-700">'FLOO_API_KEY']}"},
)
res.raise_for_status()
print(res.json())

Key types

  • Live keys (flk_live_…) talk to production: real numbers, real spend.
  • Test keys (flk_test_…) return mocked data and never place real calls. Use them in CI and local dev.

Errors

Missing or invalid keys return 401 Unauthorized:

JSON
{
  "error": "Invalid API key",
  "code": "invalid_api_key"
}

See the Errors reference for the full list.