Authentication

Fire Mission API keys are prefixed fm_live_ (production) or fm_test_ (test). Each key has its own spend cap, monthly call cap, and audit trail. Create and rotate keys in the dashboard under API Key Management.

OpenAI surface

Pass your Fire Mission key as a Bearer token, exactly like an OpenAI key:

HTTP header http
Authorization: Bearer fm_live_abc123...

Anthropic surface

Pass your Fire Mission key as x-api-key, exactly like an Anthropic key:

HTTP headers http
x-api-key: fm_live_abc123...
anthropic-version: 2023-06-01

Key types

PrefixUseTracked
fm_live_Production trafficYes — counts against caps and billing
fm_test_CI / stagingYes — separate spend ledger

Provider keys (BYOK)

Provider keys for OpenAI, Anthropic, Google, Groq, etc. are configured separately in the dashboard. They are AES-256 encrypted at rest and used only to forward your call to the upstream provider. Fire Mission never persists raw prompts or completions — only metadata. See the BYOK guide for the full lifecycle.

Revoking keys

Revoke a key from the dashboard or via the gateway operation org.api-key.revoke. Revocation is immediate and is recorded in the audit log with the actor, IP, and reason.