Public API
The public API lets integrators trigger the same AI services as the dashboard. It is exposed under https://creapic.click/api/public and secured with workspace API keys.
Generate an API key
- Go to Account → Settings → Security.
- In the API keys block, select the target organization, choose the scopes, and click Generate key.
- Copy the key immediately (it is shown only once) and store it safely.
Scopes determine which endpoints a key can call:
Scope | Grants access to |
---|---|
IMAGE_GENERATION | POST /api/public/images/generate |
SCENE_RENDER | POST /api/public/scenes/render |
ORGANIZATION_WRITE | POST /api/public/organizations/create |
Keys are organization-scoped. The user who creates the key must be an owner or admin of that organization.
Calling the API
Send the key via Authorization: Bearer <api-key> (or the x-api-key header). The backend deduces the organization from the key; no organizationId field is required.
curl \
  -X POST "https://app.example.com/api/public/images/generate" \
  -H "Authorization: Bearer sk_XXXX" \
  -H "Content-Type: application/json" \
  -d '{
    "source": {
      "type": "text",
      "text": "Article about citrus mocktails with summer ingredients"
    },
    "aspectRatio": "4:5",
    "quality": "hd"
  }'
Successful responses mirror the internal dashboard (JSON payload with generation, imageUrl, etc.). Errors use standard HTTP codes (401 invalid key, 403 wrong organization or missing scope, 402 insufficient tokens, …).
Token consumption
Image generation and scene composition debit the organization’s token balance. Make sure the account has tokens before invoking the API.
Endpoint matrix
Method | Path | Required scope | Notes |
---|---|---|---|
POST | /api/public/images/generate | IMAGE_GENERATION | Accepts either a ready-to-use prompt or raw text to convert into a JSON prompt before sending to Gemini. |
POST | /api/public/scenes/render | SCENE_RENDER | Launches a scene composition task (same request shape as the dashboard). |
POST | /api/public/organizations/create | ORGANIZATION_WRITE | Creates a new organization and assigns the API key owner as owner. |
Best practices
- Rotate keys regularly and revoke unused ones in the API keys block.
- Capture HTTP errors and surface them to the calling system (rate limits, token exhaustion, invalid payloads).
- Never embed keys in client-side code; keep them on server-side integrations only.
- Log request identifiers (generation.id, render.id) to ease support when coordinating with the dashboard.
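A server-side caller that follows the practices above, as an added example (not the project's own client code): it reads the key from the server environment, sends it as a Bearer token, turns the documented 401/402/403 responses into a typed error the calling system can surface, and logs generation.id without ever logging the key. The environment variable names, the function and class names, and the assumption that generation is an object with an id field are illustrative.

```python
import json
import logging
import os
import urllib.error
import urllib.request

log = logging.getLogger("public_api")
# Base URL from this page; the env var names below are assumptions.
BASE_URL = os.environ.get("PUBLIC_API_BASE", "https://creapic.click/api/public")
# Status codes and meanings as documented on this page.
DOCUMENTED_ERRORS = {401: "invalid key", 402: "insufficient tokens",
                     403: "wrong organization or missing scope"}

class PublicApiError(Exception):
    def __init__(self, status, reason):
        super().__init__(f"HTTP {status}: {reason}")
        self.status, self.reason = status, reason

def build_request(api_key, payload):
    """Build the POST; the key comes from the server environment, never client code."""
    if not api_key:
        raise ValueError("no API key configured on the server")
    return urllib.request.Request(
        f"{BASE_URL}/images/generate",
        data=json.dumps(payload).encode(),
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"},
        method="POST")

def interpret(status, body):
    """Return the parsed payload on 2xx, otherwise raise a typed error for the caller."""
    if 200 <= status < 300:
        result = json.loads(body)
        # generation.id is the identifier this page says to log for support.
        log.info("generation.id=%s", (result.get("generation") or {}).get("id"))
        return result
    raise PublicApiError(status, DOCUMENTED_ERRORS.get(status, "unexpected status"))

def generate_image(payload, opener=urllib.request.urlopen):
    """opener is injectable so the error mapping can be exercised offline."""
    req = build_request(os.environ.get("PUBLIC_API_KEY", ""), payload)
    try:
        with opener(req, timeout=30) as resp:
            return interpret(resp.status, resp.read())
    except urllib.error.HTTPError as exc:
        return interpret(exc.code, exc.read())
```
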
A full OpenAPI description is available at https://<your-domain>/api/openapi if you need typed clients.