API
Authentication
Pendra authenticates every request with a single API key. Keys are scoped to a Pendra organisation; rotate or revoke them at any time from the console without losing usage history.
Key format
Keys start with the literal prefix pdr_sk_ followed by a
32-byte URL-safe random string. Pendra stores only a SHA-256 hash of the
key, so the raw value is shown exactly once at creation —
save it immediately.
pdr_sk_xQ8yX... # ~50 characters totalHow to send the key
Pendra accepts the key on either of two headers; pick whichever your SDK uses.
Authorization: Bearer (recommended)
curl https://api.pendra.ai/api/v1/chat/completions \
-H "Authorization: Bearer pdr_sk_..." \
-H "Content-Type: application/json" \
-d '{"model":"qwen3.6:27b","messages":[{"role":"user","content":"Hello"}]}'x-api-key (Anthropic SDK compatibility)
The Anthropic Messages endpoint at /v1/messages also accepts
x-api-key, which is how the official Anthropic SDK and Claude
Code send credentials.
curl https://api.pendra.ai/v1/messages \
-H "x-api-key: pdr_sk_..." \
-H "anthropic-version: 2023-06-01" \
-H "Content-Type: application/json" \
-d '{"model":"qwen3.6:27b","max_tokens":256,"messages":[{"role":"user","content":"Hello"}]}'Creating and rotating keys
- Sign in to the Pendra console.
- Open API Keys from the sidebar.
- Click Create key, give it a name (e.g. "production server"), and copy the resulting
pdr_sk_value. - Store the key in your secret manager. The raw key cannot be retrieved again.
To rotate, create a new key, deploy it, then delete the old one. Deleted keys stop working immediately; existing usage logs remain.
Scopes & limits
- Every key belongs to exactly one organisation.
- Keys can call any inference endpoint (
/chat/completions,/embeddings,/images/generations,/audio/transcriptions,/v1/messages,/v1/responses) and read-only listings (/models,/catalogue). - Console-only actions (managing keys, billing, worker provisioning) sign in with your Pendra account instead of an API key — do those in the console UI.