Every app you publish in Dify doubles as a REST API, and so do your knowledge bases. You call the same app your end users interact with, from your own backend, with an API key.
Get an API Key
Call the API from your backend only. A key embedded in frontend code or a client app can be extracted and abused.
-
For an app, create an API key from inside the app itself. The key is scoped to that one app, and one key serves all your end users.
Your calls tell people apart with a per-person user value. See End User Identity for details.
-
For knowledge bases, go to Knowledge and click Service API in the top-right corner.
A knowledge API key is broader: it can reach every knowledge base visible to the account that created the key, so treat it with extra care. See Knowledge API for details.
Make Your First Call
Every request carries the key as a Bearer token. For Dify Cloud, the base URL is https://api.dify.ai/v1; for self-hosted deployments, use your own instance’s API base URL.
The fastest first call needs no code: open Get App Info, click Try it, paste your key into the Authorization field, and press Send. It works for every app type.
The same call from a terminal:
curl https://api.dify.ai/v1/info \
-H "Authorization: Bearer $DIFY_API_KEY"
A response like this confirms the key works and shows which app it belongs to:
{
"name": "My Chat App",
"description": "A helpful assistant",
"tags": ["assistant"],
"mode": "chat",
"author_name": "Dify Team"
}
Using a knowledge API key? Its endpoints are a separate family: start with List Knowledge Bases instead.
Find Your App Type’s Endpoints
See each app type’s own overview page for its full API surface: