Authentication
Secure your Fusion AI API requests with our flexible authentication system. Choose between API keys for simplicity or JWT tokens for enhanced security.
Authentication Methods
Recommended
API Key Authentication
Simple and secure API key-based authentication for most use cases
Quick setup and immediate use
No token expiration management
Perfect for server-side applications
Rate limiting and usage tracking
JWT Token Authentication
JSON Web Token authentication for advanced security requirements
Enhanced security with expiration
Stateless authentication
Perfect for client-side applications
Custom claims and permissions
API Key Authentication
Getting Your API Key
Get your API key from the Fusion AI dashboard. All API keys start with sk-fusion-.
API Key Format
sk-fusion-1234567890abcdef...56 characters total, always starts with "sk-fusion-"
Using API Keys in Requests
Authorization Header (Recommended)
curl -X POST https://api.mcp4.ai/chat \
-H "Authorization: Bearer sk-fusion-your-api-key-here" \
-H "Content-Type: application/json" \
-d '{
"prompt": "Hello, world!",
"provider": "neuroswitch"
}'JavaScript Example
const response = await fetch('https://api.mcp4.ai/chat', {
method: 'POST',
headers: {
'Authorization': 'Bearer sk-fusion-your-api-key-here',
'Content-Type': 'application/json'
},
body: JSON.stringify({
prompt: 'Hello, world!',
provider: 'neuroswitch'
})
});
const data = await response.json();Python Example
import requests
headers = {
'Authorization': 'Bearer sk-fusion-your-api-key-here',
'Content-Type': 'application/json'
}
data = {
'prompt': 'Hello, world!',
'provider': 'neuroswitch'
}
response = requests.post(
'https://api.mcp4.ai/chat',
headers=headers,
json=data
)JWT Token Authentication
Advanced Feature
JWT authentication is available for enterprise customers who need enhanced security, custom permissions, or client-side authentication flows.
JWT Token Structure
{
"header": {
"alg": "RS256",
"typ": "JWT"
},
"payload": {
"sub": "user_12345",
"iss": "fusion-ai",
"aud": "api.mcp4.ai",
"exp": 1704067200,
"iat": 1704063600,
"scope": ["chat", "models", "account"]
}
}Using JWT Tokens
curl -X POST https://api.mcp4.ai/chat \
-H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..." \
-H "Content-Type: application/json" \
-d '{
"prompt": "Hello, world!",
"provider": "neuroswitch"
}'Security Best Practices
✅ Do This
Store API keys in environment variables
Use HTTPS for all API requests
Rotate API keys regularly
Monitor API key usage in dashboard
Use separate keys for different environments
❌ Avoid This
Never expose API keys in client-side code
Don't commit API keys to version control
Avoid sharing API keys via email or chat
Don't use the same key across multiple projects
Never log API keys in application logs
Environment Variables Setup
Node.js / JavaScript
.env file
FUSION_AI_API_KEY=sk-fusion-your-api-key-here FUSION_AI_BASE_URL=https://api.mcp4.ai
Usage in code
const apiKey = process.env.FUSION_AI_API_KEY; const baseUrl = process.env.FUSION_AI_BASE_URL;
Python
.env file
FUSION_AI_API_KEY=sk-fusion-your-api-key-here FUSION_AI_BASE_URL=https://api.mcp4.ai
Usage in code
import os
from dotenv import load_dotenv
load_dotenv()
api_key = os.getenv('FUSION_AI_API_KEY')
base_url = os.getenv('FUSION_AI_BASE_URL')Test Your Authentication
Use our interactive Swagger UI to test your API key authentication immediately
Authentication Troubleshooting
401 Unauthorized Error
Your API key is missing, invalid, or incorrectly formatted.
- • Verify your API key starts with "sk-fusion-"
- • Check the Authorization header format: "Bearer sk-fusion-..."
- • Ensure no extra spaces or characters in the key
403 Forbidden Error
Your API key is valid but doesn't have required permissions.
- • Check your account plan and limits
- • Verify the endpoint is included in your plan
- • Contact support if you believe this is an error