Octospark accepts bearer tokens in the Authorization header.
Authorization: Bearer $OCTOSPARK_TOKEN

API keys

Create keys from Organization settings - API Keys. Only organization members with the manage_api_keys permission can create, list, or revoke keys. API keys themselves cannot create, list, or revoke other API keys: the manage_api_keys permission is reserved for interactive user sessions and is never granted to API-key bearer tokens. API keys use the octo_live_ or octo_test_ prefix. The raw token is shown only once, at creation time. Store it in your secret manager and pass it to SDKs through OCTOSPARK_TOKEN.
export OCTOSPARK_TOKEN="octo_live_..."

Use a key

curl "https://api.octospark.ai/v1/organizations?limit=1" \
  -H "Authorization: Bearer $OCTOSPARK_TOKEN"

Revoke keys from the same API Keys page. Revoked keys fail subsequent bearer authentication with 401.

Storage model

Octospark stores API keys encrypted at rest with AES-256-GCM and also stores a SHA-256 hash for lookup. The encrypted token is not used for normal authentication lookup, and the raw token is never returned after creation.
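
The hash-lookup pattern described above, as an added sketch that is not Octospark's code. The KeyStore class, its method names, the in-memory dict and the token length are assumptions, and the AES-256-GCM encrypted copy is left out so the example runs on the standard library alone.

```python
import hashlib
import secrets

PREFIXES = ("octo_live_", "octo_test_")  # the two prefixes named on this page


def token_hash(raw: str) -> str:
    # Unsalted SHA-256 suits high-entropy random tokens (unlike passwords):
    # the digest is a deterministic index, and guessing the input is infeasible.
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()


class KeyStore:
    """Hypothetical in-memory store indexed by SHA-256(token)."""

    def __init__(self):
        self._by_hash = {}  # digest -> {"key_id": str, "revoked": bool}

    def create(self, key_id: str, live: bool = True) -> str:
        prefix = PREFIXES[0] if live else PREFIXES[1]
        raw = prefix + secrets.token_urlsafe(32)  # length is an assumption
        self._by_hash[token_hash(raw)] = {"key_id": key_id, "revoked": False}
        return raw  # the only moment the raw token leaves the store

    def revoke(self, key_id: str) -> None:
        for record in self._by_hash.values():
            if record["key_id"] == key_id:
                record["revoked"] = True

    def authenticate(self, authorization_header: str):
        """Return (http_status, key_id) for an Authorization header value."""
        scheme, _, raw = authorization_header.partition(" ")
        raw = raw.strip()
        # Reject wrong schemes and malformed tokens before doing any lookup.
        if scheme.lower() != "bearer" or not raw.startswith(PREFIXES):
            return 401, None
        record = self._by_hash.get(token_hash(raw))
        if record is None or record["revoked"]:
            return 401, None
        return 200, record["key_id"]


if __name__ == "__main__":
    store = KeyStore()
    token = store.create("key_1")  # constructed sample key id
    print(store.authenticate("Bearer " + token))
    store.revoke("key_1")
    print(store.authenticate("Bearer " + token))
```

A dump of this lookup table exposes only digests, which cannot be replayed as bearer tokens.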