Headers
Use either header form from a trusted server, CLI, or MCP client:
x-api-key: qh_live_...
Authorization: Bearer qh_live_...Key handling
- Keep keys out of browser bundles and public repositories.
- Use environment variables for MCP and server-side integrations.
- Rotate keys if they are shared outside trusted infrastructure.
- Unknown or invalid keys fall back to anonymous rate limits.
