Authentication
All API requests require a Bearer token in the Authorization header. Unauthenticated requests return a 401 error.
API Keys
API keys follow the format masko_{64-hex-characters}. When you create a key, only the SHA-256 hash is stored on our servers - the raw key is shown once and cannot be retrieved later.
curl https://api.masko.ai/v1/credits \
-H "Authorization: Bearer masko_YOUR_API_KEY"Keep your API key secret. Do not expose it in client-side code or public repositories. If a key is compromised, revoke it immediately from the dashboard.
Creating API Keys
You can create API keys from the Developer dashboard or programmatically through the API. Each key can be given a name for easy identification.
Rate Limits
The API enforces rate limits to ensure fair usage. If you exceed the limits, requests return a 429 Too Many Requests response.
- 60 requests per minute per API key
- 1,000 requests per hour per API key
Rate limit headers are included in every response: X-RateLimit-Remaining and X-RateLimit-Reset.
If you need higher rate limits for production use, reach out to paul@masko.ai.
Credits
Each generation consumes credits from your account balance. Check your balance at any time via the /v1/credits endpoint.
| Type | Cost |
|---|---|
| Image | 1 credit |
| Animation | 5 credits per second |
| Logo | 20 credits |
| Edit | 1 credit |
Error Codes
The API uses standard HTTP status codes for error responses.
| Code | Meaning |
|---|---|
401 | Invalid or missing API key |
402 | Insufficient credits - top up your balance to continue |
403 | Access denied - you do not own this resource |
429 | Rate limit exceeded - wait and retry |
500 | Internal server error - contact support if persistent |