Token Wallet API

Authentication

Create a key on the API Keys page. Keys are shown once at creation — store yours in a secret manager. Send it in the Authorization header.

curl https://api.token-wallet.ai/v1/chat/completions \
  -H "Authorization: Bearer tw_xxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "deepseek-chat",
    "provider": "deepseek",
    "messages": [{ "role": "user", "content": "Hello" }]
  }'

Chat completions

POST /v1/chat/completions accepts the same body shape as OpenAI's chat completions, plus a required provider field.

{
  "provider": "openai",
  "model": "gpt-4.1-mini",
  "messages": [
    { "role": "system", "content": "You are concise." },
    { "role": "user", "content": "Summarise Singapore's AI policy in 3 bullets." }
  ],
  "temperature": 0.5
}

Response:

{
  "content": "…",
  "usage": {
    "inputTokens": 24,
    "outputTokens": 86,
    "totalTokens": 110,
    "costCredits": 12
  },
  "wallet": { "balanceCredits": 99988 }
}

List models

GET /v1/models returns the active models on your account.

Errors

• 400Invalid input — model or provider unknown, or schema mismatch.
• 401Missing or invalid API key.
• 402Insufficient credits. Top up at /billing.
• 403Account suspended or model disallowed for this key.
• 429Rate limit exceeded. Honour the Retry-After header.
• 502Upstream provider error. The call was not charged.

Rate limits

Default: 30 requests per minute per key, with a burst of 10. Enterprise accounts get custom limits — contact us if you need more.

Security

• Keys are hashed before storage — we never see the plaintext after creation.
• Wallet deductions run inside DB transactions; failed provider calls are not charged.
• Provider API keys live only on the server. Never expose them to the browser.
• Revoke a key from the dashboard the moment you suspect it has leaked.