Skip to main content
DeepInfra supports two authentication methods:
  1. API keys — full-access tokens for your own use
  2. Scoped JWTs — short-lived, scope-limited tokens you can issue to third parties

API keys

Get your API keys from the Dashboard. Use them in the Authorization header:

Scoped JWT

Scoped JWT tokens let you grant limited inference access to third parties without sharing your API key. You can restrict the token by:
  • Models allowed — specific model(s) only
  • Expiration — time-limited (up to 1 year)
  • Spending limit — maximum USD spend
Usage is counted against the API key that was used to sign the JWT.

Create a scoped JWT

Response:
This creates a token limited to deepseek-ai/DeepSeek-R1, expiring in 1 hour, with a $1.00 spending limit. Optional fields (omit to remove restriction):
  • models — allow any model
  • expires_delta — no expiration (defaults to 1 year)
  • spending_limit — no spending limit
  • Use expires_at (unix timestamp) instead of expires_delta if preferred

Inspect a JWT

Use a scoped JWT

Use it exactly like a regular API key in the Authorization header:
Requests using disallowed models, expired tokens, or over-budget tokens will be rejected.

JWT format (advanced)

You can create and inspect scoped JWTs yourself using standard JWT libraries.
The kid field is {user_id}:{base64(api_key_name)} joined with colons. Only HS256 (HMAC-SHA256) is supported.

Payload

Signature

Token format