Authentication

Learn how to authenticate with the Tork API using API keys.

API Keys

All API requests require authentication using an API key. You can create and manage API keys from your Dashboard.

API Key Format

tork_sk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

API keys start with tork_sk_ followed by a random string.

Keep your API key secret
Your API key provides full access to your Tork account. Never share it publicly, commit it to version control, or include it in client-side code.

Using Your API Key

Include your API key in the Authorization header:

http
Authorization: Bearer tork_sk_your_api_key_here

Example Request

bash
curl -X POST https://tork.network/api/v1/evaluate \
  -H "Authorization: Bearer tork_sk_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"content": "Hello world", "checks": ["pii"]}'

SDK Authentication

The Tork SDKs handle authentication automatically. Just pass your API key when creating the client:

python
from tork import TorkClient

# Option 1: Pass API key directly
client = TorkClient(api_key="tork_sk_your_api_key_here")

# Option 2: Use environment variable (recommended)
# Set TORK_API_KEY in your environment
client = TorkClient()  # Reads from TORK_API_KEY

# Option 3: Use a config file
client = TorkClient.from_config("~/.tork/config.json")

Environment Variables
We recommend using environment variables for API keys. This keeps your code clean and makes it easy to use different keys in different environments.

API Key Types

| Type | Prefix | Permissions | Use Case |
|---|---|---|---|
| Secret Key | tork_sk_ | Full access | Server-side applications |
| Restricted Key | tork_rk_ | Limited endpoints | Specific integrations |
| Ephemeral Key | tork_ek_ | Session-scoped | Temporary agent sessions |

Key Management

Best practices for managing your API keys:

  • Use different keys for different environments - Create separate keys for development, staging, and production.
  • Rotate keys regularly - Generate new keys periodically and revoke old ones.
  • Use restricted keys when possible - Limit permissions to only what's needed.
  • Monitor key usage - Check the dashboard for unusual activity.
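
To enforce the "never commit it to version control" rule, the key prefixes listed above can be checked for before code is committed. The scanner below is an added example, not part of the Tork SDK or documentation; the key body pattern (16 or more alphanumeric characters), the severity ranking, and the sample key values are assumptions made for illustration.

```python
import re
import sys

# Prefixes and access levels come from the key-type table on this page.
# The key body charset, the 16-char minimum and the severity ranking are
# assumptions: the page only says the prefix is "followed by a random string".
KEY_TYPES = {"sk": ("secret", "high"), "rk": ("restricted", "medium"),
             "ek": ("ephemeral", "low")}
KEY_RE = re.compile(r"\btork_(sk|rk|ek)_([A-Za-z0-9]{16,})\b")


def redact(key):
    """Keep the prefix and last 4 characters: traceable, not reusable."""
    return key[:8] + "*" * (len(key) - 12) + key[-4:]


def scan(text, path="<input>"):
    """Return one finding per Tork-style key found in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in KEY_RE.finditer(line):
            if len(set(m.group(2).lower())) == 1:
                continue  # doc placeholder such as tork_sk_xxxx...
            kind, severity = KEY_TYPES[m.group(1)]
            findings.append({"path": path, "line": lineno, "type": kind,
                             "severity": severity, "key": redact(m.group(0))})
    return findings


# Constructed sample input; the key values are made up for this example.
SAMPLE = '''\
client = TorkClient(api_key="tork_sk_4fG7kQ2mZx91LbT8vRc3NpWd")
KEY_FORMAT = "tork_sk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
headers = {"Authorization": "Bearer tork_ek_Aa11Bb22Cc33Dd44Ee55"}
client = TorkClient()  # reads TORK_API_KEY from the environment
'''

if __name__ == "__main__":
    results = []
    if len(sys.argv) > 1:  # e.g. file paths passed by a pre-commit hook
        for p in sys.argv[1:]:
            with open(p, encoding="utf-8", errors="replace") as fh:
                results += scan(fh.read(), p)
    else:
        results = scan(SAMPLE, "sample.py")
    for f in results:
        print(f"{f['path']}:{f['line']}: {f['severity']} {f['type']} key {f['key']}")
    sys.exit(1 if results else 0)
```

Run with file paths as arguments, the script exits non-zero when any key is found, so it can block a commit; findings print only the redacted form, which keeps the key out of hook and CI logs.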

Authentication Errors

| Status | Error Code | Description |
|---|---|---|
| 401 | missing_api_key | No API key provided in request |
| 401 | invalid_api_key | API key is malformed or doesn't exist |
| 401 | expired_api_key | API key has expired |
| 403 | insufficient_permissions | API key doesn't have permission for this endpoint |

json
{
  "success": false,
  "error": {
    "code": "invalid_api_key",
    "message": "The API key provided is invalid or has been revoked.",
    "status": 401
  }
}