Authentication

Learn how to authenticate with the Gab AI API using API keys. Understand rate limits and secure your requests.

Getting Your API Key

To use the Gab AI API, you need an API key. Here's how to get one:

• Sign in to your Gab AI account
• Navigate to Settings → API
• Your API key is displayed—click to copy
• Securely store your key

Keep Your Key Secret

Your API key grants access to your account and credits. Never share it publicly, commit it to version control, or expose it in client-side code.

Using Your API Key

Include your API key in the Authorization header of all API requests:

Authorization Header

Complete cURL Example

Key format

Real Gab AI keys start with the gab_ or gab- prefix followed by hex characters (32–64 hex chars depending on which flow created the key). Treat the entire string as opaque — do not parse it.

SDK Configuration

When using OpenAI-compatible SDKs, configure the base URL and API key:

Node.js / JavaScript

Python

Environment Variables

Store your API key in environment variables rather than hardcoding it. This improves security and makes it easier to manage across environments.

Rate Limits

API requests are rate limited to ensure fair usage and platform stability. All API requests use credits — free default model messages in Plus are not included in API. When you exceed your rate limit, requests return a 429 status code. Implement exponential backoff or check the rate limit headers before making requests.

Plus Subscribers

10,000 requests per day

Enterprise

Custom limits available

• Rate limits reset daily at midnight UTC

Rate Limit Headers

All API responses include headers to help you track your rate limit usage:

1. X-RateLimit-Limit: 10000 — Maximum requests allowed per day
2. X-RateLimit-Remaining: 9847 — Requests remaining in current period
3. X-RateLimit-Reset: 1704153600 — Unix timestamp when limit resets

Checking Rate Limits

Best Practices

• Use environment variables — Never hardcode keys in source code
• Rotate regularly — Generate new keys periodically for security
• Separate keys — Use different keys for dev/staging/production
• Monitor usage — Check API usage in your dashboard regularly
• Revoke if exposed — Immediately regenerate compromised keys
• Use server-side — Never expose keys in client-side/browser code

Managing API Keys

You can manage your API keys programmatically or through the dashboard:

• View existing keys — See when keys were created and last used
• Create new keys — Generate additional keys via API or dashboard
• Revoke keys — Disable keys that are no longer needed
• Monitor usage — Track API calls and credit consumption

API Key Management Endpoint

You can also manage API keys programmatically using the /v1/api-keys endpoint. See the Endpoints documentation for details.

Authentication Errors

If authentication fails, you'll receive one of these errors:

1. 401 Invalid API key — The provided key is incorrect or malformed
2. 401 Missing API key — No Authorization header was provided
3. 402 Insufficient credits — Your credit balance is exhausted
4. 403 Key revoked — The API key has been disabled
5. 429 Rate limited — Too many requests, check rate limit headers

Error Response Format

Keep Your Key Secret

Your API key grants access to your account and credits. Never share it publicly, commit it to version control, or expose it in client-side code.

Authorization: Bearer YOUR_API_KEY

curl https://gab.ai/v1/chat/completions \\
  -H "Content-Type: application/json" \\
  -H "Authorization: Bearer gab_5e17f695110d1e02c90e4537445d85fc" \\
  -d '{
    "model": "arya",
    "messages": [
      {"role": "user", "content": "Hello!"}
    ]
  }'

Key format

Real Gab AI keys start with the gab_ or gab- prefix followed by hex characters (32–64 hex chars depending on which flow created the key). Treat the entire string as opaque — do not parse it.

import OpenAI from 'openai';

const client = new OpenAI({
  apiKey: process.env.GAB_API_KEY,
  baseURL: 'https://gab.ai/v1'
});

// Now use the client as normal
const response = await client.chat.completions.create({
  model: 'arya',
  messages: [{ role: 'user', content: 'Hello!' }]
});

import os
from openai import OpenAI

client = OpenAI(
    api_key=os.environ.get("GAB_API_KEY"),
    base_url="https://gab.ai/v1"
)

# Now use the client as normal
response = client.chat.completions.create(
    model="arya",
    messages=[{"role": "user", "content": "Hello!"}]
)

Environment Variables

Store your API key in environment variables rather than hardcoding it. This improves security and makes it easier to manage across environments.

const response = await fetch('https://gab.ai/v1/chat/completions', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ model: 'arya', messages: [...] })
});

// Check rate limit headers
const limit = response.headers.get('X-RateLimit-Limit');
const remaining = response.headers.get('X-RateLimit-Remaining');
const reset = response.headers.get('X-RateLimit-Reset');

console.log(\`\${remaining}/\${limit} requests remaining\`);
console.log(\`Resets at: \${new Date(reset * 1000)}\`);

API Key Management Endpoint

You can also manage API keys programmatically using the /v1/api-keys endpoint. See the Endpoints documentation for details.

{
  "error": {
    "message": "Invalid API key provided",
    "type": "authentication_error",
    "code": "invalid_api_key",
    "param": null
  }
}

Last updated: 2026-06-18