Skip to main content
Every request to the Cline API must include a valid API key in the Authorization header. Requests without a valid key return a 401 Unauthorized error.

Get an API key

1

Sign in to app.cline.bot

Go to app.cline.bot and sign in with your Cline account.
2

Open API Keys

Navigate to Settings > API Keys.
3

Create and copy your key

Click Create API Key. Copy it immediately — you cannot view it again after leaving this page.
Treat your API key like a password. Do not commit it to version control or share it publicly.

Send the key in requests

Include your API key as a Bearer token in the Authorization header: 
Authorization: Bearer YOUR_API_KEY

curl example

curl -X POST https://api.cline.bot/api/v1/chat/completions \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "anthropic/claude-sonnet-4-6",
    "messages": [{"role": "user", "content": "Hello!"}]
  }'

Use an environment variable

Store the key in an environment variable instead of hardcoding it: 
export CLINE_API_KEY="your_api_key_here"

curl -X POST https://api.cline.bot/api/v1/chat/completions \
  -H "Authorization: Bearer $CLINE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"model": "anthropic/claude-sonnet-4-6", "messages": [{"role": "user", "content": "Hello"}]}'

Use a .env file

# .env — add this file to .gitignore
CLINE_API_KEY=your_api_key_here

import os
from openai import OpenAI

client = OpenAI(
    base_url="https://api.cline.bot/api/v1",
    api_key=os.environ["CLINE_API_KEY"],
)

Revoke a key

You can delete an API key at any time from Settings > API Keys in app.cline.bot. Deleted keys stop working immediately. You can also manage keys via the API: 
# List your keys
curl https://api.cline.bot/api/v1/api-keys \
  -H "Authorization: Bearer YOUR_API_KEY"

# Delete a key
curl -X DELETE https://api.cline.bot/api/v1/api-keys/KEY_ID \
  -H "Authorization: Bearer YOUR_API_KEY"

Optional headers

You can include these optional headers to improve usage tracking and debugging:
HeaderDescription
HTTP-RefererYour application’s URL. Appears in usage logs.
X-TitleYour application’s name. Appears in usage logs.

Auth errors

If authentication fails, the API returns a 401 HTTP status with this body: 
{
  "error": {
    "code": 401,
    "message": "Invalid API key",
    "metadata": {}
  }
}
Common causes and fixes:
ErrorCauseFix
401 UnauthorizedMissing or invalid API keyCheck the Authorization header and verify your key at app.cline.bot
403 ForbiddenKey does not have access to the requested resourceCheck key permissions
402 Payment RequiredAccount has no remaining creditsAdd credits at app.cline.bot

Security best practices

Do:
  • Store keys in environment variables or a secrets manager (e.g., AWS Secrets Manager, HashiCorp Vault)
  • Use separate keys for development and production
  • Rotate keys periodically
  • Delete keys you no longer use
Do not:
  • Commit keys to version control
  • Share keys in chat, email, or issue trackers
  • Embed keys in client-side code (browsers, mobile apps)
  • Log keys in application output

Chat completions

Make your first authenticated API request.

Errors

Full list of error codes and how to handle them.