API live, access flow being productized
Gateway Access And Keys
Public access path, API key boundary, environment variables, minimal verification, and safe integration rules for TokenDance Gateway.
What this page solves
TokenDance Gateway is a live API entry point, but the public site does not issue real API keys. This page documents the public-safe integration path: base URL, credential boundary, environment variables, minimal verification, support evidence, and information that must not be published.
Access path
| Item | Public value | Notes |
|---|---|---|
| Base URL | https://api.vectorcontrol.tech/v1 | OpenAI-compatible API base URL |
| Auth header | Authorization: Bearer $TOKENDANCE_API_KEY | Use only TokenDance API keys; do not use TokenDance ID access tokens |
| Key source | Controlled issuance flow | The public site does not display, generate, or echo real keys |
| Recommended storage | Server secret storage, local environment variables, controlled CI secrets | Do not store keys in frontend bundles, localStorage, public issues, or screenshots |
Environment variables
| Variable | Purpose | Public example |
|---|---|---|
| TOKENDANCE_API_KEY | Model API call credential | Show only the variable name, never a real value |
| TOKENDANCE_BASE_URL | OpenAI-compatible base URL | https://api.vectorcontrol.tech/v1 |
| TOKENDANCE_MODEL | Model or alias for the request | Public examples use your-model; it is a placeholder, not a real model claim |
| TOKENDANCE_REQUEST_ID | Request id for support triage | A redacted request id may be shared; do not share full provider payloads |
Minimal verification
Run a low-cost request first to confirm the key, base URL, model name, and network path before connecting an Agent, CI job, or backend service.
powershell
$env:TOKENDANCE_BASE_URL = "https://api.vectorcontrol.tech/v1"
curl.exe "$env:TOKENDANCE_BASE_URL/models" -H "Authorization: Bearer $env:TOKENDANCE_API_KEY"Integration checklist
- Confirm the credential is a TokenDance API key, not a TokenDance ID access token.
- Confirm the SDK base URL includes `/v1`.
- Confirm the model name comes from the currently accessible list, and do not put internal model names in public docs.
- Record error responses and request ids in private support evidence.
- Register key owner, purpose, quota, and rotation responsibility.
Do not publish
- Real API keys, complete Authorization headers, provider upstream keys, admin tokens.
- Internal model lists, private provider payloads, user prompts, complete responses, private logs.
- Production host paths, deployment directories, database paths, SSH aliases, rollback commands.