Skip to content
Supado Supado Docs

Authentication

Supado API requests use bearer token authentication. Send your API key in the Authorization header on every request.

Request

Section titled “Request”
HeaderValue
AuthorizationBearer <SUPADO_API_KEY>
Content-Typeapplication/json
Terminal window
curl https://supado.com/v1/chat/completions \
  -H "Authorization: Bearer $SUPADO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"model":"gpt-4o-mini","messages":[{"role":"user","content":"Hello"}]}'

Before you start

Section titled “Before you start”
  • Create API keys from the Supado console.
  • Give each application or environment its own key when possible.
  • Store keys in server-side environment variables or a secrets manager.
  • Do not put keys in browser JavaScript, mobile app bundles, screenshots, or public Git repositories.

Example

Section titled “Example”

Node.js

Section titled “Node.js”
import OpenAI from "openai";


if (!process.env.SUPADO_API_KEY) {
  throw new Error("SUPADO_API_KEY is required");
}


export const supado = new OpenAI({
  apiKey: process.env.SUPADO_API_KEY,
  baseURL: "https://supado.com/v1",
});

Python

Section titled “Python”
import os
from openai import OpenAI


api_key = os.environ.get("SUPADO_API_KEY")
if not api_key:
    raise RuntimeError("SUPADO_API_KEY is required")


client = OpenAI(
    api_key=api_key,
    base_url="https://supado.com/v1",
)

Key handling

Section titled “Key handling”

If a request returns 401, print only whether the variable is present, not the key value:

Terminal window
test -n "$SUPADO_API_KEY" && echo "SUPADO_API_KEY is set"

Supado’s OpenAI-compatible endpoints expect bearer auth, not x-api-key. Use one space after Bearer, keep keys in server-side secrets, and avoid logging full request headers.

Rotate a key immediately if it appears in a public repository, client bundle, support ticket, or shared screenshot.