Skip to main content

Overview

CheckThat AI provides unified access to multiple AI providers through their existing API keys. Instead of creating new API keys, you use your existing keys from OpenAI, Anthropic, Google, xAI, or Together AI to access their models through our platform.
Keep your provider API keys secure! Never expose any API keys in client-side code, public repositories, or unsecured locations. Treat them like passwords.

Provider API Keys

CheckThat AI requires API keys from the specific providers whose models you want to use:
1

Choose your providers

Decide which AI providers you want to use:
  • OpenAI: GPT-4o, GPT-5, o3, o4-mini
  • Anthropic: Claude Sonnet 4, Sonnet Opus 4.1
  • Google: Gemini 2.5 Pro, Gemini 2.5 Flash
  • xAI: Grok 4, Grok 3, Grok 3 Mini
  • Together AI: Llama 3.3 70B, Deepseek models
2

Get provider API keys

Obtain API keys from your chosen providers:

OpenAI

Create API key at platform.openai.com

Anthropic

Get API key from console.anthropic.com

Google AI

Generate key at ai.google.dev

xAI

Obtain key from x.ai platform
3

Set environment variables

Store your API keys securely as environment variables:
export OPENAI_API_KEY="sk-proj-your-openai-key"
export ANTHROPIC_API_KEY="sk-ant-your-anthropic-key"
export GEMINI_API_KEY="your-gemini-api-key"
export XAI_API_KEY="your-xai-api-key"
export TOGETHER_API_KEY="your-together-api-key"
4

Test your setup

Verify your setup using the Python SDK:
from checkthat_ai import CheckThatAI

# Test with OpenAI
client = CheckThatAI(api_key=os.getenv("OPENAI_API_KEY"))
models = client.models.list()
print("Available models:", len(models.models_list))

Authentication Methods

You can provide your provider API keys in several ways when using CheckThat AI:

Security Best Practices

Environment Variables

Store API keys in environment variables, never in code:
Security Best Practice: Environment variables keep keys out of your source code.
export CHECKTHAT_API_KEY="sk-checkthat-your-key-here"

Separate Keys

Use different API keys for different environments:
  • Development: CHECKTHAT_DEV_KEY
  • Staging: CHECKTHAT_STAGING_KEY
  • Production: CHECKTHAT_PROD_KEY

Key Rotation

Regularly rotate your API keys:
  • Create new key
  • Update applications
  • Revoke old key

Access Control

Limit key access within your team:
  • Use key management systems
  • Implement least-privilege access
  • Monitor key usage

Environment Variable Usage

const apiKey = process.env.CHECKTHAT_API_KEY;

const response = await fetch('https://api.checkthat-ai.com/chat', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': `Bearer ${apiKey}`
  },
  body: JSON.stringify({
    user_query: 'Your claim here',
    model: 'gpt-4'
  })
});

Configuration Files

  • .env file
  • Docker Compose
  • Kubernetes Secret
# .env
CHECKTHAT_API_KEY=sk-checkthat-1234567890abcdef
CHECKTHAT_BASE_URL=https://api.checkthat-ai.com
Never commit .env files to version control! Add .env to your .gitignore file.

Error Responses

When authentication fails, the API returns specific error responses:

Missing API Key

{
  "detail": "API key is required"
}

Invalid API Key

{
  "detail": "Invalid API key"
}

Expired/Revoked Key

{
  "detail": "API key has been revoked or expired"
}

Troubleshooting

Common causes:
  • Whitespace in API key (trim the key)
  • Wrong header format (ensure “Bearer ” prefix)
  • Key copied incorrectly (verify character count)
  • Environment variable not loaded
Solution:
# Test your key directly
curl -v -H "Authorization: Bearer $(echo $CHECKTHAT_API_KEY | tr -d '[:space:]')" \
  https://api.checkthat-ai.com/health
Possible causes:
  • Network issues causing header corruption
  • Load balancer configuration problems
  • Concurrent requests with rate limiting
Solution: Implement retry logic with exponential backoff for 401 errors.
Common issues:
  • Different API keys with different permissions
  • Environment variables not set correctly
  • Different base URLs
Solution:
# Verify environment configuration
echo "API Key: ${CHECKTHAT_API_KEY:0:20}..."
echo "Base URL: $CHECKTHAT_BASE_URL"

Rate Limiting and API Keys

Each API key has associated rate limits based on your subscription plan:

Free Tier

  • 100 requests/hour
  • 1,000 requests/month
  • Basic model access

Pro Plan

  • 1,000 requests/hour
  • 50,000 requests/month
  • All models available

Enterprise

  • Custom limits
  • Dedicated support
  • SLA guarantees
Monitor the following response headers to track your usage:
  • X-RateLimit-Limit: Your rate limit
  • X-RateLimit-Remaining: Requests remaining
  • X-RateLimit-Reset: When limit resets

Need Help?

If you’re experiencing authentication issues:
  1. Check your implementation against the examples above
  2. Test with the Python SDK using the provided examples
  3. Contact support at [email protected]
  4. Report issues on GitHub
When contacting support, never include your actual API key. Instead, provide only the prefix (e.g., “sk-proj-…” or “sk-ant-…”) and describe the issue.