---
title: "Authentication"
description: "How API key authentication works in Liutong"
---

All Liutong API requests require authentication via an API key.

## API Keys

Liutong API keys use the `lt_` prefix, making them easy to identify. Keys are issued through your organization's enrollment process — see [Getting Access](/docs/enrollment/getting-access).

### Using your API key

Pass your API key in the `Authorization` header as a Bearer token:

```
Authorization: Bearer lt_your_api_key
```

### With the OpenAI SDK

Both the Python and Node.js SDKs handle authentication automatically when you set the `api_key` parameter:

```python
from openai import OpenAI

client = OpenAI(
    base_url="https://api.liutong.llby.org/v1",
    api_key="lt_your_api_key",
)
```

```javascript
import OpenAI from "openai";

const client = new OpenAI({
    baseURL: "https://api.liutong.llby.org/v1",
    apiKey: "lt_your_api_key",
});
```

### With cURL

```bash
curl https://api.liutong.llby.org/v1/chat/completions \
  -H "Authorization: Bearer lt_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"model": "crimson-falcon-4", "messages": [{"role": "user", "content": "Hello"}]}'
```

## Security best practices

- **Never commit API keys to version control.** Use environment variables or a secrets manager.
- **Rotate keys periodically.** Contact your administrator to issue a new key and revoke old ones.
- **Use one key per application.** This makes it easy to track usage and revoke access if needed.

## Environment variables

We recommend storing your key in an environment variable:

```bash
export LIUTONG_API_KEY="lt_your_api_key"
```

Then reference it in code:

```python
import os
from openai import OpenAI

client = OpenAI(
    base_url="https://api.liutong.llby.org/v1",
    api_key=os.environ["LIUTONG_API_KEY"],
)
```