Documentation

How It Works

The end-to-end path from local prompt to short-lived generation session.

1. You create a local request

Your server code or terminal command provides an Access Token, prompt, model name or Workflow slug, and optional source images.

2. The tool seals task content

The SDK creates a one-use Generation Key Pair. It encrypts the prompt and optional source images with X25519, HKDF-SHA-256, and AES-256-GCM.

3. The Task Manager checks access

The Task Manager receives the Access Token, model name or Workflow slug, and Sealed Request. It checks account access, creates a Credit Reservation, and routes the task without receiving the private key or plaintext task content.

4. A Generation Session runs

A short-lived Generation Session receives the private key directly from the SDK, decrypts the task, runs the selected model or Workflow, streams image bytes back to the SDK, and cleans up task content.

5. A content-blind record is kept

Unexposed records content-blind usage, model, status, reservation, and charge information. Billing records describe infrastructure use, not what you created.