Getting Started
Authentication
How to create, manage, and secure your MakePhotos API key.
Authentication
All API requests require an API key passed as a query parameter.
Getting your API key
- Sign up at makephotos.ai/signup with Google
- Subscribe to any plan (Starter, Pro, Max, or Ultra)
- Go to the developer dashboard
- Click Create API Key
Your key will look like:
mk_live_a3f8e9b1c4d7f2e6a0b3c5d8e1f4a7b9Copy it immediately — you won't be able to see it again. If you lose it, you can regenerate a new one (which revokes the old key).
Using your API key
With the SDK
import MakePhotos from 'makephotos';
const client = new MakePhotos({
apiKey: 'mk_live_...',
});With curl
curl "https://makephotos.ai/api/v1/credits?key=mk_live_..."The key is passed as the key query parameter on every request.
Security best practices
- Keep your key server-side only. Never expose it in client-side browser code, mobile apps, or public repositories.
- Use environment variables. Store it as
MAKEPHOTOS_API_KEYin your.envfile. - Don't commit keys. Add
.envto your.gitignore. - Rotate if compromised. Regenerate your key from the developer dashboard — the old key stops working immediately.
API keys in query parameters can appear in server access logs and proxy logs. This is an accepted trade-off for simplicity, but reinforces the need to keep keys server-side.
Key management
| Action | How |
|---|---|
| Create | Developer dashboard → Create API Key |
| View prefix | Dashboard shows mk_live_a3f8... (masked) |
| Regenerate | Dashboard → Regenerate (old key revoked instantly) |
| Revoke | Dashboard → Revoke (key deleted, API calls fail immediately) |
You can have one API key at a time. Regenerating creates a new key and revokes the previous one.