Overview
The ComfyControl API uses Bearer token authentication. All API requests must include a valid API token in the Authorization header.Obtaining an API Token
API tokens are created and managed through the ComfyControl web dashboard:- Log in to your account at https://comfycontrol.app
- Navigate to your account settings
- Go to the API Tokens section
- Create a new token with a descriptive name
- Copy the token immediately (it will only be shown once)
Token Format
API tokens follow this format:- Prefix:
cfc_(ComfyControl identifier) - Followed by a random alphanumeric string
- Store tokens securely and never commit them to version control
Using Your Token
Include your API token in theAuthorization header of every request using the Bearer scheme:
Token Security
Best Practices
Best Practices
- Store tokens in environment variables, not in code
- Use different tokens for different applications or environments
- Rotate tokens periodically
- Revoke tokens immediately if compromised
- Never share tokens or commit them to repositories
Token Expiry
Token Expiry
- Tokens can be configured with optional expiration dates
- Expired tokens will return a 401 Unauthorized error
- Create a new token before the old one expires
- Last used timestamp is tracked for each token
Rate Limiting
The ComfyControl API implements rate limiting to ensure fair usage and system stability.Limits
- 40 requests per 10 seconds per IP address
- Applies to all API endpoints
- Enforced via Cloudflare
Exceeding Rate Limits
When you exceed the rate limit:- You’ll receive a 429 Too Many Requests response
- A 10-second cooldown period is automatically applied
- No requests will be processed during the cooldown
- After cooldown, normal rate limits resume
Authentication Errors
Common authentication-related error responses:| Status Code | Error | Description |
|---|---|---|
| 401 | Unauthorized | Missing, invalid, or expired token |
| 403 | Forbidden | Valid token but insufficient permissions or tier limits |
| 429 | Too Many Requests | Rate limit exceeded |