Authentication

    To use the Cinclus LLM On-Demand API, you must provide a valid API key with each request. API keys authenticate and authorize your requests, ensuring that only you (or your organization) can access your account's usage of the service.

    Obtaining Your API Key

    1. Sign Up: Create an account on the Cinclus platform (if you haven't already).
    2. Retrieve API Key: Navigate to the API Keys or Account section of the Cinclus dashboard.
    3. Create API Key: Click "Create API Key" (or similar), and a new key will be generated.
    4. Copy the API Key: Copy the API key and store it securely. This key is your secret credential – do not share it publicly or expose it in client-side code.
    5. Manage Keys: You can create multiple keys for different applications or teams. If an API key is compromised, revoke it from the dashboard immediately and generate a new one.

    Using the API Key

    Include the API key in the header of every API request:

    Authorization: Bearer YOUR_API_KEY

    • The keyword Bearer is followed by a space and then your API key.

    • Ensure you transmit the key over HTTPS only. All Cinclus endpoints require HTTPS for security.

    • Do not include the API key in URLs or query parameters where it might be logged. Always use the header.

    For example, a cURL request with the API key might look like:

    curl -X POST https://api.cinclus.wayscloud.services/v1/completions \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer YOUR_API_KEY" \
      -d '{ "model": "cinclus-text-001", "prompt": "Hello world", "max_tokens": 5 }'

    If the API key is missing or invalid, the API will return an authentication error (HTTP 401 Unauthorized). Make sure your key is correct and not expired or revoked.

    Security Best Practices

    • Keep it Secret: Never commit your API keys to source control or expose them in client-side code (browser or mobile apps).
    • Backend Use: Use the API key from your server-side code or a secure environment. If you must call the API from a client app, consider routing the request through your own backend to keep the key hidden.
    • Rotation: Periodically rotate (regenerate) your API keys for security, especially if you suspect it may have been compromised.
    • Scope (if applicable): If Cinclus provides scoped or limited keys (for example, keys that only allow certain endpoints), use those to limit risk.

    With authentication set up, you're ready to start calling the API endpoints. Continue to the next sections to learn about making requests to generate text, have conversations, and create embeddings.

    Published