API Authentication
All WaveSpeedAI API requests require authentication using an API key.
How It Works
Include your API key in the Authorization header as a Bearer token:
Authorization: Bearer YOUR_API_KEYEvery request to the API must include this header. Requests without a valid API key will return 401 Unauthorized.
Get Your API Key
- Go to API Keys
- Click Generate to create a new key
- Copy and store it securely — you won’t be able to see it again
Note: API keys require a top-up to activate. Keys created before your first top-up will not work.
Code Examples
cURL
curl -X POST "https://api.wavespeed.ai/api/v3/wavespeed-ai/flux-dev" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"prompt": "A cat in space"}'Python
import os
import requests
api_key = os.environ.get("WAVESPEED_API_KEY")
response = requests.post(
"https://api.wavespeed.ai/api/v3/wavespeed-ai/flux-dev",
headers={
"Authorization": f"Bearer {api_key}",
"Content-Type": "application/json"
},
json={"prompt": "A cat in space"}
)JavaScript
const apiKey = process.env.WAVESPEED_API_KEY;
fetch("https://api.wavespeed.ai/api/v3/wavespeed-ai/flux-dev", {
method: "POST",
headers: {
"Authorization": `Bearer ${apiKey}`,
"Content-Type": "application/json"
},
body: JSON.stringify({ prompt: "A cat in space" })
})
.then(res => res.json())
.then(data => console.log(data));Security Best Practices
| Practice | Why |
|---|---|
| Use environment variables | Never hardcode API keys in your source code |
| Keep keys secret | Don’t commit keys to Git or share them publicly |
| Server-side only | Never expose keys in frontend/browser code |
| Rotate regularly | Generate new keys periodically and delete old ones |
| Use separate keys | Create different keys for different projects or environments |
Setting Environment Variables
Linux / macOS
export WAVESPEED_API_KEY="your-api-key"Windows (PowerShell)
$env:WAVESPEED_API_KEY="your-api-key"Windows (CMD)
set WAVESPEED_API_KEY=your-api-keyManaging API Keys
You can create multiple API keys from wavespeed.ai/accesskey:
- Create — Generate new keys for different projects
- Rename — Update key names for easier identification
- Delete — Revoke keys that are no longer needed
Deleted keys stop working immediately.
Error Codes
| Code | Message | Solution |
|---|---|---|
401 | Unauthorized | Check your API key is correct |
403 | Forbidden | Your account may be suspended — contact support |
429 | Too Many Requests | You’ve hit rate limits — wait or upgrade your account level |
Common Issues
API key not working?
- Make sure you’ve made at least one top-up (required to activate API access)
- Check for extra spaces when copying the key
- Verify the key hasn’t been deleted
- Ensure you’re using the correct header format:
Authorization: Bearer YOUR_KEY
Need more rate limits?
Upgrade your account by adding credits. See Account Levels for tier details.
Next Steps
- Get Started with API — Make your first API call
- How to Submit Task — API request details
- Account Levels — Rate limits and tiers