Authentication
The Pro Clubs Studio API uses API keys to authenticate requests. Every request must include a valid key in the X-API-Key header.
API key types
Each partner account has access to two key types, identifiable by their prefix:
| Key type | Prefix | Purpose |
|---|---|---|
| Live | sk_live_* | Production use. Deducts real credits and produces production-quality images. |
| Test | sk_test_* | Development and testing. No credit deduction, returns mock responses with placeholder images. |
Including your key in requests
Pass your API key in the X-API-Key HTTP header on every request:
curl "https://api.proclubsstudio.com/v1/images" \
-H "X-API-Key: sk_live_your_key_here" \
-H "Content-Type: application/json"Live vs Test environment
The key prefix determines the environment. Both environments use the same base URL and endpoints — the behaviour changes automatically.
| Behaviour | Live | Test |
|---|---|---|
| Credit deduction | Real credits deducted | No credits deducted |
| Image output | Production-quality, CDN-hosted URLs | Mock response with placeholder image URL — no real generation occurs |
| Usage metrics | Tracked in live metrics | Segregated from live; separate counters |
| Webhooks | Delivered with "environment": "live" | Delivered with "environment": "test" |
Security best practices
Store keys securely
Your API key is shown only once when created. Store it in a secrets manager or environment variable — never hard-code it in source files. Pro Clubs Studio stores only the SHA-256 hash of your key along with the prefix and last 4 characters for display.
Server-side only
Never include your API key in client-side code, mobile apps, or browser requests. All API calls must originate from your backend servers.
Rotate regularly
If you suspect a key has been compromised, revoke it immediately from the Partner Console and generate a new one. Revoked keys return 401 on all subsequent requests.
Use test keys for development
Use sk_test_ keys during development and CI/CD. Test requests return mock responses with the same JSON structure as live requests, so you can validate your integration logic without consuming credits. No real images are generated in test mode.
Authentication errors
When authentication fails, the API returns one of the following error responses:
INVALID_API_KEY
Returned when the API key is missing, malformed, or has been revoked. Check that the X-API-Key header is present and the key is valid.
{
"success": false,
"data": null,
"error": {
"code": "INVALID_API_KEY",
"message": "The provided API key is invalid or has been revoked.",
"request_id": "req_abc123",
"docs_url": "https://platform.proclubsstudio.com/docs/errors/INVALID_API_KEY"
}
}PARTNER_SUSPENDED
Returned when the partner account associated with the key has been suspended. Contact support@proclubsstudio.com to resolve.
{
"success": false,
"data": null,
"error": {
"code": "PARTNER_SUSPENDED",
"message": "Your partner account has been suspended. Contact support.",
"request_id": "req_def456",
"docs_url": "https://platform.proclubsstudio.com/docs/errors/PARTNER_SUSPENDED"
}
}For the full list of errors, see the Error Reference.