API Authentication

You can cover model costs with novastack API keys.

Our API authenticates requests using Bearer tokens. This allows you to use curl or the OpenAI SDK  directly with novastack.

API keys on novastack are more powerful than keys used directly for model APIs.

They allow users to set credit limits for apps, and they can be used in OAuth  flows.

Using an API key

To use an API key, first create your key . Give it a name and you can optionally set a credit limit.

If you’re calling the novastack API directly, set the Authorization header to a Bearer token with your API key.

If you’re using the OpenAI Typescript SDK, set the api_base to https://novapai.ai/api/v1 and the apiKey to your API key.

import { Novastack AI } from '@openrouter/sdk';
 
const openRouter = new Novastack AI({
    apiKey: '<NOVASTACK_AI_API_KEY>',
    defaultHeaders: {
      'HTTP-Referer': '<YOUR_SITE_URL>', // Optional. Site URL for rankings on novapai.ai.
      'X-Novastack AI-Title': '<YOUR_SITE_NAME>', // Optional. Site title for rankings on novapai.ai.
    },
});
 
const completion = await openRouter.chat.send({
    model: 'openai/gpt-5.2',
    messages: [{ role: 'user', content: 'Say this is a test' }],
    stream: false,
});
 
console.log(completion.choices[0].message);

To stream with Python, see this example from OpenAI .

If your key has been exposed

You must protect your API keys and never commit them to public repositories.

novastack is a GitHub secret scanning partner, and has other methods to detect exposed keys. If we determine that your key has been compromised, you will receive an email notification.

If you receive such a notification or suspect your key has been exposed, immediately visit your key settings page  to delete the compromised key and create a new one.

Using environment variables and keeping keys out of your codebase is strongly recommended.