AI Studio

The AI Studio API (ai.qreq.com) is authenticated with the same API Key you already use for the QREQ API. Grab it from API Access. On your first authenticated request an AI Studio account is automatically provisioned for your email address — no separate signup is required.

Authentication

Send your API Key using one of the following methods. The X-Api-Key header is recommended.

X-Api-Key: {api_key}
Authorization: Bearer {api_key}
https://ai.qreq.com/api/user?api_key={api_key}
curl --request GET \
--url 'https://ai.qreq.com/api/user' \
--header 'X-Api-Key: {api_key}'

Endpoints

GET https://ai.qreq.com/api/user
curl --request GET \
--url 'https://ai.qreq.com/api/user' \
--header 'X-Api-Key: {api_key}'
GET https://ai.qreq.com/api/app/get-setting
GET https://ai.qreq.com/api/app/usage-data
POST https://ai.qreq.com/api/aichat/new-chat
curl --request POST \
--url 'https://ai.qreq.com/api/aichat/new-chat' \
--header 'X-Api-Key: {api_key}' \
--header 'Content-Type: application/json' \
--data '{ "prompt": "Hello" }'
GET https://ai.qreq.com/api/aichat/chat/{id}/messages

The endpoints above are the most common entry points. All MagicAI API routes (AI Writer, AI Image, AI Documents, chat templates, favorites, social agents, affiliates, etc.) are supported through the same authenticated https://ai.qreq.com/api base URL.

Permissions

Each API Key can be scoped with granular permissions. A permission is the combination of a Feature (the module) and a Capability (the action). The HTTP method of the request is mapped to a capability:

HTTP method / route Capability
GETRead
GET on search endpointsSearch
POSTCreate
PUT / PATCHUpdate
DELETEDelete

Features that can be granted per API Key:

ai_chat, ai_writer, ai_image, ai_realtime_chat, ai_documents, ai_chat_templates, ai_shared_credit, ai_favorites, ai_profile, ai_social_agents, ai_social_accounts, ai_social_posts, ai_social_campaigns, ai_social_analytics, ai_app, ai_payment, ai_affiliates, ai_support

If the key lacks the required Feature × Capability for a request, the API responds with 403 Forbidden. An expired or invalid key returns 401 Unauthorized.