Authentication

Every request to the GodFocus Platform API must include an API key.

API key format

Your API key looks like this:

gfp_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6

Keys always start with gfp_live_ followed by a 32-character random string. Keep them secret.

Authorization header

Pass your key in the Authorization header using the Bearer scheme:

Authorization: Bearer gfp_live_YOUR_KEY_HERE

Every request must include this header. Requests without it return 401 Unauthorized.

Key management

Go to Dashboard API Keys to:

• Generate a new key (shown once — copy it immediately)
• Revoke a key (instant, irreversible)
• View usage and credit consumption per key

You can create multiple keys — for example, one per application or environment.

Security best practices

Never expose your API key in client-side code. A key in a browser bundle or mobile app can be extracted by anyone.

Always call the GodFocus API from your backend server, never directly from the browser.

If a key is compromised, revoke it immediately from the Dashboard and generate a replacement.

Using environment variables

Store your key as an environment variable, never hardcoded:

export GODFOCUS_API_KEY="gfp_live_YOUR_KEY_HERE"

Then read it in your server code:

const apiKey = process.env.GODFOCUS_API_KEY;

import os
api_key = os.environ["GODFOCUS_API_KEY"]