Skip to content
LLMTR Docs

Authentication

LLMTR uses two sign-in flows:

  • Dashboard sessions — for the web interface.
  • API requests — via Authorization: Bearer sk_....

Bearer token for API

Section titled “Bearer token for API”

All /v1/* endpoints expect:

Authorization: Bearer sk_your_key_here

Missing or invalid header returns 401 Unauthorized.

Dashboard session

Section titled “Dashboard session”

Dashboard sessions are protected with secure cookies. Session renewal and validity are handled by the application, so you do not need to carry tokens manually in the browser.

API key security

Section titled “API key security”
  • The raw key is shown only once at creation.
  • Dashboard shows only the prefix (e.g. sk_abc...).
  • Revoke from Dashboard > API Keys if leaked; issue a new key.

See API Keys for more.