Authentication - Duckie

Duckie API requests use API keys created in Duckie. Send the full key in the Authorization header using the bearer scheme.

Authorization: Bearer dk_live_your_api_key

Create an API Key

Create keys from Settings -> API Access. The full key is shown once after creation, so store it before closing the dialog. Keys start with dk_live_. Duckie stores only a hash and a display preview after creation.

Example Request

curl "https://app.useduckie.ai/api/v1/tools?type=custom_tool" \
  -H "Authorization: Bearer dk_live_your_api_key"

Scopes

Every key has one or more read scopes. A request fails with 403 permission_denied when the key does not include the required scope.

Scope	Allows
`api:runs:read`	Read runs and run tool filter options
`api:tools:read`	Read tools
`api:agents:read`	Read agents
`api:guidelines:read`	Read guidelines
`api:guardrails:read`	Read guardrails
`api:runbooks:read`	Read runbooks

The create-key dialog selects all read scopes by default. You can remove scopes when you want a key to access only a subset of the API.

Invalid or Expired Keys

The API returns 401 unauthenticated when a key is missing, malformed, unknown, expired, or revoked.

{
  "error": {
    "code": "unauthenticated",
    "message": "Invalid API key",
    "request_id": "req_123"
  }
}

Revoking a key in Settings stops new requests with that key immediately.

​Create an API Key

​Example Request

​Scopes

​Invalid or Expired Keys

Create an API Key

Example Request

Scopes

Invalid or Expired Keys