Authentication
Authenticate requests with a Maniac API key.
API keys
Every request to /v1/* is authenticated with a Maniac API key, sent as a
bearer token:
Authorization: Bearer sk-...
The key resolves to an organization, which becomes the billing target and the scope for rate limiting and stored responses. Keys are created and managed in the Maniac dashboard.
Failure modes
The gateway is fail-closed on auth — a request that can't be authenticated never reaches a provider. Errors use the standard OpenAI envelope (see Errors):
| Situation | Status | type |
|---|---|---|
| Missing or malformed Authorization header | 401 | authentication_error |
| Invalid, disabled, or expired key | 401 | authentication_error |
| Valid key with no associated organization | 403 | permission_error |
| Auth backend temporarily unavailable | 503 | api_error |
Rate limiting
Authenticated traffic is rate limited per organization using a fixed window. Every response carries the current budget in headers:
x-ratelimit-limit: 600
x-ratelimit-remaining: 599
x-ratelimit-reset: 1718380800
Exceeding the window returns 429 rate_limit_error. See Rate limits.
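
One way a client can act on the failure modes and rate-limit headers above, added here as an example and not Maniac's own code. It assumes x-ratelimit-reset is a Unix timestamp in seconds and that the error type sits at error.type in the envelope; the function names, MAX_ATTEMPTS and MAX_WAIT are hypothetical client-side choices.

```python
import json
import time

MAX_ATTEMPTS = 5   # hypothetical client policy, not a Maniac setting
MAX_WAIT = 60.0    # cap on any single sleep, in seconds

def error_type(body):
    """Read error.type from the envelope (field layout assumed OpenAI-style)."""
    try:
        return json.loads(body)["error"]["type"]
    except (ValueError, KeyError, TypeError):
        return None

def until_reset(headers, now):
    """Seconds until x-ratelimit-reset, assumed to be a Unix timestamp."""
    try:
        reset = int(headers["x-ratelimit-reset"])
    except (KeyError, ValueError):
        return 1.0  # header absent or unparsable: short fixed pause
    return min(max(reset - now, 0.0), MAX_WAIT)

def plan(status, headers, body, attempt, now=None):
    """Return (action, delay): action is 'ok', 'retry' or 'fail'."""
    now = time.time() if now is None else now
    h = {k.lower(): v for k, v in headers.items()}
    if 200 <= status < 300:
        # Budget spent: hold the next request until the window resets.
        wait = until_reset(h, now) if h.get("x-ratelimit-remaining") == "0" else 0.0
        return ("ok", wait)
    if status in (401, 403):
        # Bad key, or a key without an organization: retrying cannot succeed.
        return ("fail", 0.0)
    if attempt >= MAX_ATTEMPTS:
        return ("fail", 0.0)
    if status == 429 and error_type(body) == "rate_limit_error":
        return ("retry", until_reset(h, now))
    if status == 503:
        # Auth backend down and the gateway fails closed: back off, same key.
        return ("retry", min(2.0 ** attempt, MAX_WAIT))
    return ("fail", 0.0)

# Constructed sample responses (not captured traffic).
SAMPLES = [
    (401, {}, '{"error": {"type": "authentication_error", "message": "x"}}'),
    (429, {"X-RateLimit-Reset": "1718380800", "x-ratelimit-remaining": "0"},
     '{"error": {"type": "rate_limit_error", "message": "x"}}'),
    (503, {}, '{"error": {"type": "api_error", "message": "x"}}'),
]
```

Treating 401 and 403 as terminal keeps a client with a revoked or misconfigured key from generating a stream of failed authentication attempts.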
Internal service key
Server-to-server calls within Maniac use a separate internal service key. That path bypasses the billing gate and rate limiting and is not part of the public API — external integrations should always use an organization API key.