SolvelaDocs
Solvela

API Reference

Authentication

How authentication works with x402 and API keys

Solvela supports two authentication methods: the default x402 payment protocol for pay-per-use access, and API keys for enterprise organizations.

x402 (Default)

x402 is the default auth method. No account, no API key, and no subscription required — payment itself is the proof of authorization.

How it works:

  1. Send a request without any auth header.
  2. The gateway returns 402 Payment Required with the exact cost in USDC and a list of accepted payment schemes.
  3. Sign a USDC-SPL transaction on Solana for the quoted amount.
  4. Resubmit the request with the PAYMENT-SIGNATURE header.
  5. The gateway verifies the payment on-chain and processes the request.
# Step 1: initial request (no auth header needed)
curl https://api.solvela.ai/v1/chat/completions \
  -H "Content-Type: application/json" \
  -d '{
    "model": "auto",
    "messages": [{"role": "user", "content": "Hello"}]
  }'

# Gateway responds 402 with cost breakdown...

# Step 2: resubmit with payment signature
curl https://api.solvela.ai/v1/chat/completions \
  -H "Content-Type: application/json" \
  -H "PAYMENT-SIGNATURE: <signed-usdc-transaction>" \
  -d '{
    "model": "auto",
    "messages": [{"role": "user", "content": "Hello"}]
  }'

Tip

SDKs handle the full x402 flow automatically. You call one method and receive a response — no manual signing or retries needed.

Note

Rate limiting under x402 is applied per wallet address. Each Solana wallet is treated as an independent identity.

API Keys (Enterprise)

Enterprise organizations can use API keys for traditional header-based authentication. Keys are prefixed with solvela_k_ and are scoped to an organization.

Pass the key in the standard Authorization header:

curl https://api.solvela.ai/v1/chat/completions \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer solvela_k_your_key_here" \
  -d '{
    "model": "auto",
    "messages": [{"role": "user", "content": "Hello"}]
  }'

Warning

API keys carry full organizational permissions. Store them in environment variables, never in source code. Rotate any key you suspect has been exposed.

Enterprise Features

Enterprise accounts with API key auth unlock additional capabilities:

FeatureDescription
Org hierarchyManage multiple teams under a single organization
Team budgetsSet hourly or daily spend caps per team
Session budgetsLimit spending for individual sessions or users
Audit logsFull request and payment history per key
Usage analyticsBreakdown of spend by model, team, and time period
Per-model restrictionsRestrict which models a team or key can access

Choosing a Method

x402API Key
Setup requiredNoneEnterprise account
Auth mechanismPayment signatureBearer token
Rate limitingPer wallet addressPer API key
BillingPay per requestManaged via org budgets
Best forIndividual use, developersTeams, production deployments

See x402 Protocol for the full protocol specification.