Authentication

All API requests require a Bearer token in the Authorization header. Unauthenticated requests return a 401 error.

API Keys

API keys follow the format masko_{64-hex-characters}. When you create a key, only the SHA-256 hash is stored on our servers - the raw key is shown once and cannot be retrieved later.

curl https://api.masko.ai/v1/credits \
  -H "Authorization: Bearer masko_YOUR_API_KEY"

Creating API Keys

Create API keys from the Developer dashboard or programmatically. Each account can have up to 10 active keys per workspace.

Personal vs Organization Keys

API keys are scoped to a workspace:

• Personal keys access your personal projects and deduct from your personal credits
• Organization keys access the team's projects and deduct from the team's credit pool

When you switch workspaces in the dashboard, the Developer page shows keys for that workspace. Organization keys can be created by admins and owners. Any team member can use an org key.

Rate Limits

The API enforces rate limits to ensure fair usage. If you exceed the limits, requests return a 429 Too Many Requests response.

• 60 requests per minute per API key
• 1,000 requests per hour per API key

Rate limit headers are included in every response: X-RateLimit-Remaining and X-RateLimit-Reset.

Credits

Each generation consumes credits from your account balance. Check your balance at any time via the /v1/credits endpoint.

Error Codes

The API uses standard HTTP status codes for error responses.