API Keys

Overview

API keys authenticate the WordPress plugin with the Picture Optimizer cloud service. Each key is tied to your user account and inherits your credit balance and plan limits.

Generate a Key

1. Log in to your SerpTransformer dashboard
2. Navigate to Settings → API Keys
3. Click Generate New Key
4. Copy the key immediately

Key Format

API keys follow the format:

sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

The key is hashed and stored server-side. When the WordPress plugin sends a request, the gateway hashes the provided key and matches it against stored hashes.

Using the Key

In WordPress Plugin

Enter the key in Settings → Picture Optimizer → API Key. The plugin includes it as an X-API-Key header on every request to the Flask API gateway.

In Direct API Calls

If you're making API calls programmatically (not through the WordPress plugin), include the key as a header:

curl -H "X-API-Key: sk-your-key-here" \
     https://your-api-domain.com/image-forge-api/v1/credits/balance

Key Management

Multiple Keys

You can generate multiple API keys for different WordPress installations. Each key is independently active and can be deactivated without affecting others.

Deactivating a Key

From Settings → API Keys, click the toggle next to a key to deactivate it. Deactivated keys immediately stop working — any WordPress plugin using that key will receive authentication errors.

Deleting a Key

Deleted keys are permanently removed and cannot be recovered. Generate a new key if needed.

Security Best Practices

• Never commit API keys to version control
• Use different keys for staging and production WordPress sites
• Rotate keys periodically
• Deactivate keys for sites you no longer manage
• The API key is stored encrypted in the WordPress wp_options table