Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.omnifence.ai/llms.txt

Use this file to discover all available pages before exploring further.

All API requests (except /health) require a valid API key passed as a Bearer token.

Making authenticated requests

Include your API key in the Authorization header: 
curl https://api.evershield.ai/api/v1/job/YOUR_JOB_ID \
  -H "Authorization: Bearer YOUR_API_KEY"

Obtaining API keys

Create and manage API keys from the API Keys page in the Stars dashboard. The full key value is shown once at creation — copy and store it securely; the dashboard will only display the prefix afterwards. Each key is owned by your account and inherits your organization’s rate limits and scopes.
Treat API keys as secrets. Do not commit them to version control or expose them in client-side code. If a key leaks, revoke it from the dashboard and create a new one.

How authentication works

When you send a request:
  1. The API hashes your key with its configured key hasher and looks it up in the apikey table.
  2. If the key is enabled and still valid, the API resolves your organization and loads your scopes.
  3. The request is processed; your account’s rate limits apply.
If the key is invalid, disabled, or missing, the API returns a 401 UNAUTHORIZED error.

Scopes

Each API key carries one or more scopes. The API enforces scopes at runtime — requests missing the required scope receive a 403 FORBIDDEN response.
ScopeRequired for
moderate:promptPOST /api/v1/moderate/prompt
moderate:imagePOST /api/v1/moderate/image
moderate:videoPOST /api/v1/moderate/video
job:readGET /api/v1/job/{id}, GET /api/v1/job/{id}/progress
usage:readGET /api/v1/usage
Client-created keys default to the client scope set (moderate:prompt, moderate:image, moderate:video, job:read, usage:read). admin:config is reserved for staff access via the dashboard UI and is not issued to programmatic keys.
If your key is missing a required scope, the API returns 403 FORBIDDEN. Contact support if you need the scopes on your key adjusted.

Account termination

If your account has been terminated by an administrator (for example, after a manual review following repeated policy violations), all requests return a 403 ACCOUNT_TERMINATED error regardless of the API key used. 
{
  "error": "ACCOUNT_TERMINATED",
  "message": "Account has been terminated",
  "statusCode": 403
}