Authentication

Every endpoint requires an API key — there is no anonymous access, including the model catalog. Keys are created and revoked in the client portal.

Headers

Send your key in one of two headers on every request. Authorization: Bearer is preferred; X-API-Key is accepted as an alternative for clients that reserve the Authorization header.

auth.sh
# Preferred
curl https://api.rendergrid.io/api/public/v1/models \
  -H "Authorization: Bearer rg_live_xxx"

# Also accepted
curl https://api.rendergrid.io/api/public/v1/models \
  -H "X-API-Key: rg_live_xxx"

Key format

Keys are prefixed by environment: rg_live_… for production and rg_test_… for test keys, followed by a 40-character token. The full key is displayed when you create it in the portal — store it securely; the API only ever sees a hash.

Authentication errors

Authentication failures use a plain {"detail": "..."} body — not the standard error envelope used by all other errors:

401 / 403 responses
HTTP/1.1 401 Unauthorized
{"detail": "authentication_required"}   # no credential sent

HTTP/1.1 401 Unauthorized
{"detail": "api_key_invalid"}           # key not recognized

HTTP/1.1 403 Forbidden
{"detail": "account_disabled"}          # key is valid, account is disabled

Handling your key

  • Keep keys server-side only — never embed them in client-side code, mobile apps, or public repositories.
  • Load keys from environment variables or a secret manager, not from source code.
  • If a key leaks, create a replacement in the portal and revoke the old one — revocation is immediate.
  • Use separate keys per integration so you can track usage and revoke independently.
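The rules above (key loaded from the environment, the two accepted headers, the documented key format, and the plain `detail` body on 401/403) can be combined in a small client helper. This is an added example, not RenderGrid's own code; the variable name `RENDERGRID_API_KEY`, the function names, and the action labels returned for each error are assumptions.

```python
import json
import os
import re

# Prefixes and the 40-character length come from the page. No character set is
# documented, so only length and absence of whitespace are checked (assumption).
KEY_RE = re.compile(r"rg_(live|test)_\S{40}")

# Documented (status, detail) pairs mapped to client actions (labels are assumptions).
AUTH_ACTIONS = {
    (401, "authentication_required"): "send_credential",
    (401, "api_key_invalid"): "replace_key",
    (403, "account_disabled"): "contact_support",
}


def load_key(env=os.environ, var="RENDERGRID_API_KEY"):
    """Read the key from the environment; the variable name is hypothetical."""
    key = env.get(var, "").strip()
    if not KEY_RE.fullmatch(key):
        raise ValueError(f"{var} is missing or not a well-formed key")
    return key


def redact(key):
    """Keep only the 8-character environment prefix so logs never hold the token."""
    return key[:8] + "****"


def auth_headers(key, use_x_api_key=False):
    """Build the preferred Bearer header, or X-API-Key when Authorization is reserved."""
    if use_x_api_key:
        return {"X-API-Key": key}
    return {"Authorization": f"Bearer {key}"}


def classify_auth_failure(status, body):
    """Return an action for a 401/403 plain-detail body, or None for other statuses."""
    if status not in (401, 403):
        return None
    try:
        detail = json.loads(body)["detail"]
        return AUTH_ACTIONS.get((status, detail), "unknown_auth_failure")
    except (ValueError, KeyError, TypeError):
        return "unknown_auth_failure"
```

Route 401/403 responses through `classify_auth_failure` before any parser for the standard error envelope, and log `redact(key)` rather than the key itself.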