Bearer tokens.

Every request must include an Authorization header with your key. Keys start with osk_live_.

Header

Authorization: Bearer osk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Failure modes

Missing or invalid keys return 401. Revoked or expired keys return 403. Quota exhaustion returns 429.

Rotate often

Rotation issues a new secret and immediately invalidates the previous one. There is no overlap window.