Authentication
Every request to the Furtune API must be authenticated. Nova designed one method:
a Bearer token in the Authorization header. That's it.
Nova Keys
Nova Keys are secret API tokens tied to your Furtune account. They begin with
ft_ and are available to Guardian members.
Create and manage them from Settings → Security in the app.
Making an authenticated request
Pass your key as a Bearer token on every request:
Authorization: Bearer ft_your_key_hereFull example. If you omit stream, the API returns a standard non-streaming JSON response by default:
curl https://api.furtune.app/v1/chat/completions \
-X POST \
-H "Authorization: Bearer ft_your_key_here" \
-H "Content-Type: application/json" \
-d '{ "model": "nova", "messages": [{ "role": "user", "content": "Hello" }] }'Error responses
| Status | Body | Meaning |
|---|---|---|
401 | { "error": { "message": "Missing or invalid API key.", "type": "invalid_request_error", "param": null, "code": "invalid_api_key" } } | No key provided, key is invalid, or key has been revoked. |
403 | { "error": { "message": "This API key does not have access to this resource.", "type": "insufficient_permissions", "param": null, "code": "forbidden" } } | Key is valid but the associated account lacks permission for this resource. |
Security best practice
Store your key in an environment variable — never hardcode it or commit it to source control.
Use
FURTUNE_API_KEY=ft_... and read it at runtime.
Keys are shown once
Nova reveals the full key only at creation time. After that, only the prefix is visible
in the UI. If you lose a key, revoke it and create a new one.