Tessera
ES EN
See pricing

API Reference

Authentication

Every Tessera API call authenticates with a Bearer token. Compatible with the official OpenAI client — just point `base_url` at `https://api.tesseraai.cloud/v1`.

Overview

Tessera uses the same scheme as OpenAI: an `Authorization: Bearer ` header on every request. If you already use the OpenAI SDK, you only swap `base_url` and `api_key`; the rest of your code is unchanged.

Getting your API key

When you sign up for a tier you receive a welcome email with your first API key, ready to use. Provisioning is manual during the current validation phase; in 2026 we will launch a customer portal for self-service (creation, rotation, revocation, usage metrics, billing).

  • For additional keys or rotation, email support@tesseraai.cloud.
  • The key is delivered to the contact email on the contract; do not forward it over unencrypted channels.
  • A single account can hold multiple active keys (e.g. dev / staging / prod).

Key format

Keys begin with `sk-tessera-`. Everything after that prefix is secret and is not recoverable: if you lose it, you have to rotate.

Example (format only — not a real key)
sk-tessera-Tj7mZJ8X2qKmRnGYpA4LbZqW8c3hN1JrV5fH9pK0

Using the key

Load the key from an environment variable. Never embed it in source code or expose it on the client.

Environment variable + three SDKs
export TESSERA_API_KEY="sk-tessera-..."

# Python
from openai import OpenAI
client = OpenAI(
    base_url="https://api.tesseraai.cloud/v1",
    api_key=os.environ["TESSERA_API_KEY"],
)

# Node.js
import OpenAI from "openai";
const client = new OpenAI({
  baseURL: "https://api.tesseraai.cloud/v1",
  apiKey: process.env.TESSERA_API_KEY,
});

# cURL
curl https://api.tesseraai.cloud/v1/embeddings \
  -H "Authorization: Bearer $TESSERA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"input":"Hello","model":"Qwen/Qwen3-Embedding-8B"}'

Rotation and best practices

  • Treat the key like a production credential: secrets manager (1Password, Vault, AWS Secrets Manager), never commits.
  • Rotate immediately on suspected exposure. Emailing support@tesseraai.cloud opens a replacement in <1 business hour.
  • Use a separate key per environment (dev / staging / prod). A compromise in one will not affect the others.
  • Limit access to the smallest set of services and people possible.

Authentication errors

CodeMeaningAction
401Authorization header missing or key invalidVerify the `Authorization: Bearer ...` header
403Valid key but no permission for this resourceCheck with support@tesseraai.cloud that your tier covers the endpoint
429Valid key but tier rate limit exceededApply exponential backoff. Detail at /docs/api/rate-limits