ideogram-security-basics

# Ideogram Security Basics ## Overview Secure your Ideogram API integration. Ideogram uses a single `Api-Key` header for authentication -- there are no OAuth scopes, roles, or fine-grained permissions. Security focuses on key management, environment isolation, prompt sanitization, and preventing key exposure. ## Prerequisites - Ideogram API key from dashboard - Understanding of environment variables - `.gitignore` configured for secrets ## Instructions ### Step 1: Secure Key Storage ```bash # .env (NEVER commit) IDEOGRAM_API_KEY=your-key-here # .gitignore -- add these lines .env .env.local .env.*.local *.key ``` ```typescript // Validate key exists at startup -- fail fast function requireApiKey(): string { const key = process.env.IDEOGRAM_API_KEY; if (!key || key.length < 10) { throw new Error("IDEOGRAM_API_KEY not set or invalid. Check .env file."); } return key; } ``` ### Step 2: Key Rotation Procedure Ideogram shows the full API key only once at creation. To rotate: ```bash set -euo pipefail # 1. Create new key in Ideogram dashboard (Settings > API Beta > Create API key) # 2. Store new key immediately -- it won't be shown again # 3. Update your environment export IDEOGRAM_API_KEY="new-key-value" # 4. Verify new key works curl -s -o /dev/null -w "%{http_code}" \ -X POST https://api.ideogram.ai/generate \ -H "Api-Key: $IDEOGRAM_API_KEY" \ -H "Content-Type: application/json" \ -d '{"image_request":{"prompt":"rotation test","model":"V_2_TURBO","ma...