> ## Documentation Index
> Fetch the complete documentation index at: https://docs.tulipai.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate Tulip Gateway clients, inference spending, providers, and settlement operators.

Tulip uses separate authorization layers for API access, on-chain credit spending, provider onboarding, and settlement operations.

## API key

Every `/v1/*` request requires a Tulip API key:

```http theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}}
Authorization: Bearer tulip_live_...
```

The health route is public. The settlement flush route uses a different operator credential.

## Inference permit

Chat requests also require a 32-byte on-chain permit ID:

```http theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}}
X-Tulip-Permit: 0x...
```

The Gateway reads the permit from Robinhood Chain and rejects it when it is missing, expired, closing, closed, bound to another model, or pinned to another provider offer.

## Quote

You may supply a previously created quote:

```http theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}}
X-Tulip-Quote: 0x...
```

Quotes expire after 60 seconds. A quote is bound to the exact model, messages, output limit, tools, tool choice, and response format. Changing the request invalidates it.

## Provider signature

Provider Gateway registration requires an EIP-712 signature from the offer's on-chain operator. The challenge binds:

* Offer ID.
* Hash of the endpoint URL.
* Single-use nonce.
* Expiration no more than 15 minutes in the future.

This signature authorizes private endpoint registration. It does not grant custody over the operator's assets.

## Settlement operator

`POST /settlements/flush` requires the separate settlement operator bearer token. It is intended for an internal worker, not frontend clients or providers.

<Warning>
  Never embed Gateway API keys, provider endpoint tokens, settlement credentials, or private keys in public frontend code.
</Warning>
