Access tokens authenticate OpenAPI calls (/openapi/* routes). They are not inference API keys (sk- prefix).
| Access token | Inference API key | |
|---|---|---|
| Prefix | ot_ | sk- |
| Header | X-Access-Token | Authorization: Bearer |
| Use | Control plane (key mgmt, usage) | Data plane (model calls) |
Create and store
- Sign in to the console and open Access tokens.
- Create a token with an optional description. The plaintext is shown once — store it in your secret manager immediately.
- Disable or delete tokens you no longer need.
Never embed access tokens in front-end code or Git. Use them only on servers or in automation, same as inference keys.
Example
export ACCESS_TOKEN="ot_xxxxxxxx"
curl -sS "https://51kik.com/openapi/api-keys?page=1&page_size=20" \
-H "X-Access-Token: $ACCESS_TOKEN"
Errors
| HTTP | code | message |
|---|---|---|
| 401 | 401 | X-Access-Token header is required for OpenAPI endpoints. |
| 401 | 401 | The access token is invalid, disabled, or expired. |
Envelope shape: see Error responses in OpenAPI overview.