Getting started
Authentication
The Floo API authenticates requests with API keys sent as Bearer tokens. Every request must include the Authorization header.
Mint a key
Generate a key from /dashboard/settings/api-keys. Keys are scoped to a workspace and shown exactly once at creation - store them in a secrets manager.
Treat keys like passwords. Never commit them to source control, embed them in client-side JavaScript, or share them in support tickets. Rotate immediately if exposed.
Sending the header
Pass the key as Authorization: Bearer <key>. We accept it on every endpoint under /api/v1.
curlbash
curl https://flooai.com/api/v1/agents \
-H "Authorization: Bearer flk_live_xxxxxxxxxxxxxxxx"Node (fetch)ts
700 font-semibold">const res = 700 font-semibold">await fetch("https:700 font-semibold">class="text-gray-500 italic">//flooai.com/api/v1/agents", {
headers: {
Authorization: 700 font-semibold">class="text-emerald-700">`Bearer ${process.env.FLOO_API_KEY}`,
},
});
700 font-semibold">const data = 700 font-semibold">await res.json();Python (requests)py
700 font-semibold">import os
700 font-semibold">import requests
res = requests.get(
"https://flooai.com/api/v1/agents",
headers={"Authorization": f"Bearer {os.environ[700 font-semibold">class="text-emerald-700">'FLOO_API_KEY']}"},
)
res.raise_for_status()
print(res.json())Key types
- Live keys (
flk_live_…) talk to production: real numbers, real spend. - Test keys (
flk_test_…) return mocked data and never place real calls. Use them in CI and local dev.
Errors
Missing or invalid keys return 401 Unauthorized:
JSON
{
"error": "Invalid API key",
"code": "invalid_api_key"
}See the Errors reference for the full list.