Authentication

The Fluxpool API uses API keys for authentication. All requests require a valid key sent as a Bearer token — the same format used by the OpenAI API.


API Keys

Your API key is generated in the Fluxpool Dashboard. Keys are prefixed with fp_ and look like this:

Example Key
fp_sk_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6

Keep your API key secret. Do not expose it in client-side code, public repositories, or frontend applications. Use environment variables or a secrets manager.

Get your API key →


Making Requests

Include your API key in the Authorization header of every request.

Header Format

Header
Authorization: Bearer fp_your_api_key

cURL Example

Bash
curl https://api.fluxpool.ai/v1/images/generations \
  -H "Authorization: Bearer fp_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "flux-1.1-pro",
    "prompt": "A dragon on a neon-lit Tokyo rooftop, 8K",
    "size": "1024x1024"
  }'

Python Example

Python
import os
from openai import OpenAI

client = OpenAI(
    base_url="https://api.fluxpool.ai/v1",
    api_key=os.environ["FLUXPOOL_API_KEY"]
)

response = client.images.generate(
    model="flux-1.1-pro",
    prompt="A dragon on a neon-lit Tokyo rooftop, 8K",
    size="1024x1024"
)

print(response.data[0].url)

JavaScript / Node.js Example

JavaScript
import OpenAI from "openai";

const client = new OpenAI({
  baseURL: "https://api.fluxpool.ai/v1",
  apiKey: process.env.FLUXPOOL_API_KEY,
});

const response = await client.images.generate({
  model: "flux-1.1-pro",
  prompt: "A dragon on a neon-lit Tokyo rooftop, 8K",
  size: "1024x1024",
});

console.log(response.data[0].url);

OpenAI SDK Compatibility

The Fluxpool API is OpenAI-compatible. If you already use the OpenAI Python or Node.js SDK, change two values: base_url and api_key. Everything else works as-is.

Parameter OpenAI Default Fluxpool
base_url / baseURL https://api.openai.com/v1 https://api.fluxpool.ai/v1
api_key / apiKey sk_... fp_...

Tip: You don't need a Fluxpool-specific SDK. The official openai Python and Node.js packages work directly. Just change the base URL and API key.


API Key Management

Manage your keys in the Dashboard → API Keys section.

Creating a Key

  1. Go to Dashboard → API Keys.
  2. Click "Create new key."
  3. Give it a name (e.g., production, staging, my-app).
  4. Copy the key immediately — it is shown only once.

Copy your key on creation. For security, the full key is displayed only once. If you lose it, revoke it and create a new one.

Rotating Keys

To rotate a key without downtime:

  1. Create a new key.
  2. Update your application to use the new key.
  3. Verify requests succeed with the new key.
  4. Revoke the old key.

Revoking Keys

Revoke any key instantly from the dashboard. Revoked keys stop working immediately — all in-flight requests using that key will fail.

Multiple Keys

You can create multiple API keys per account. Use separate keys for different environments (development, staging, production) or applications to isolate usage tracking and simplify rotation.


Rate Limits

Rate limits depend on your account tier and protect the platform from abuse.

Tier Requests / Min Concurrent Burst
Free 10 2 15
Pay As You Go 60 10 100
Enterprise Custom Custom Custom

Rate Limit Headers

Every API response includes rate limit headers:

Response Headers
x-ratelimit-limit: 60
x-ratelimit-remaining: 54
x-ratelimit-reset: 1720000000
Header Description
x-ratelimit-limit Max requests per minute for your tier
x-ratelimit-remaining Requests remaining in current window
x-ratelimit-reset Unix timestamp when the window resets

Handling Rate Limits

If you exceed the limit, the API returns 429 Too Many Requests. Implement exponential backoff or wait until x-ratelimit-reset.

Python — Retry with Backoff
import time
from openai import OpenAI, RateLimitError

client = OpenAI(
    base_url="https://api.fluxpool.ai/v1",
    api_key="fp_your_api_key"
)

def generate_with_retry(prompt, max_retries=3):
    for attempt in range(max_retries):
        try:
            return client.images.generate(
                model="flux-1.1-pro",
                prompt=prompt
            )
        except RateLimitError:
            wait = 2 ** attempt
            time.sleep(wait)
    raise Exception("Rate limit exceeded after retries")

Need higher limits? Contact us for enterprise-tier rate limits and dedicated endpoints.


Security Best Practices

  • Use environment variables. Never hardcode keys in source code.
    Bash
    export FLUXPOOL_API_KEY=fp_your_api_key
  • Never expose keys client-side. API calls must originate from your server or backend, not from browsers or mobile apps.
  • Use separate keys per environment. production, staging, and development keys make rotation and auditing simpler.
  • Rotate keys periodically. Even without a suspected compromise, rotate keys every 90 days.
  • Revoke compromised keys immediately. If a key is leaked in a public repo, logs, or error message, revoke it from the Dashboard and create a new one.
  • Monitor usage. Check the Dashboard for unexpected spikes in generation volume, which could indicate key compromise.

Errors

Authentication-related error responses:

Status Error Code Description Fix
401 invalid_api_key The API key is missing, malformed, or revoked. Check the key value. Ensure the Authorization: Bearer prefix is present.
401 expired_api_key The API key has been revoked or expired. Create a new key in the Dashboard.
403 insufficient_credits Your account has no remaining credits. Top up credits to continue generating.
429 rate_limit_exceeded Too many requests in the current window. Wait and retry with backoff. See Rate Limits.
JSON — 401 Response
{
  "error": {
    "type": "invalid_api_key",
    "message": "The API key provided is invalid or has been revoked.",
    "code": 401
  }
}