API Key Management
Manage your existing API keys to maintain security and control costs.
Viewing API Keys
Via Web Interface
- Navigate to API Keys in the sidebar
- View all keys with:
  - Name and description
  - Creation date
  - Last used timestamp
  - Usage statistics
  - Budget status
Via API
```python
import requests

response = requests.get(
    "http://localhost/api-internal/v1/api-keys",
    headers={"Authorization": "Bearer YOUR_JWT_TOKEN"}
)
keys = response.json()["keys"]
for key in keys:
    print(f"Name: {key['name']}")
    print(f"Created: {key['created_at']}")
    print(f"Last Used: {key['last_used']}")
    print(f"Total Cost: ${key['total_spend']:.2f}")
    print("-" * 40)
```
Updating API Keys
Update Permissions
```python
# key_id is the ID of the key to update (see "Can't Find Key ID" below)
response = requests.put(
    f"http://localhost/api-internal/v1/api-keys/{key_id}",
    headers={"Authorization": "Bearer YOUR_JWT_TOKEN"},
    json={
        "allowed_models": ["gpt-4"],  # Restrict to GPT-4 only
        "daily_spend_limit": 50.00    # Increase daily limit
    }
)
```
Update Budget Limits
```python
response = requests.put(
    f"http://localhost/api-internal/v1/api-keys/{key_id}/budget",
    headers={"Authorization": "Bearer YOUR_JWT_TOKEN"},
    json={
        "daily_spend_limit": 100.00,
        "monthly_spend_limit": 3000.00,
        "daily_token_limit": 1000000,
        "alert_threshold": 0.75  # Alert at 75%
    }
)
```
Rotating API Keys
Why Rotate Keys?
- Security: Regular rotation reduces the risk from compromised keys
- Compliance: Many security standards require periodic rotation
- Access Control: Revoke old keys when team members leave
Rotation Process
- Create New Key
```python
response = requests.post(
    "http://localhost/api-internal/v1/api-keys",
    headers={"Authorization": "Bearer YOUR_JWT_TOKEN"},
    json={
        "name": "Production App v2",
        "description": "Replacement for old key",
        "allowed_models": ["gpt-4"],
        "daily_spend_limit": 100.00
    }
)
new_key = response.json()["api_key"]
```
- Update Application
Update your application configuration to use the new key:
```python
# Old key
API_KEY = "en_old_key_xxxxxxxx"
# New key
API_KEY = "en_new_key_yyyyyyyy"
```
- Test New Key
```python
response = requests.get(
    "http://localhost/api/v1/models",
    headers={"Authorization": "Bearer en_new_key_yyyyyyyy"}
)
assert response.status_code == 200
```
- Delete Old Key
```python
requests.delete(
    f"http://localhost/api-internal/v1/api-keys/{old_key_id}",
    headers={"Authorization": "Bearer YOUR_JWT_TOKEN"}
)
```
Revoking API Keys
Immediate Revocation
```python
requests.delete(
    f"http://localhost/api-internal/v1/api-keys/{key_id}",
    headers={"Authorization": "Bearer YOUR_JWT_TOKEN"}
)
```
All requests using this key will immediately fail with 401 Unauthorized.
Revoke via Web Interface
- Navigate to API Keys
- Find the key to revoke
- Click the Delete button
- Confirm deletion
Monitoring Key Usage
Check Current Usage
```python
response = requests.get(
    f"http://localhost/api-internal/v1/api-keys/{key_id}/usage",
    headers={"Authorization": "Bearer YOUR_JWT_TOKEN"}
)
usage = response.json()
print(f"Requests today: {usage['requests_today']}")
print(f"Tokens used today: {usage['tokens_today']}")
print(f"Cost today: ${usage['cost_today']:.2f}")
print(f"Budget remaining: ${usage['budget_remaining']:.2f}")
```
Usage by Model
```python
response = requests.get(
    f"http://localhost/api-internal/v1/api-keys/{key_id}/usage",
    headers={"Authorization": "Bearer YOUR_JWT_TOKEN"},
    params={"breakdown": "by_model"}
)
for model_usage in response.json()["by_model"]:
    model = model_usage["model"]
    # Named request_count so it does not shadow the requests module
    request_count = model_usage["requests"]
    cost = model_usage["cost"]
    print(f"{model}: {request_count} requests, ${cost:.2f}")
```
Budget Alerts
Setting Up Alerts
```python
response = requests.put(
    f"http://localhost/api-internal/v1/api-keys/{key_id}/budget",
    headers={"Authorization": "Bearer YOUR_JWT_TOKEN"},
    json={
        "alert_threshold": 0.8,
        "alert_email": "team@company.com"
    }
)
```
Alert Types
- Threshold Reached: When usage hits the alert percentage
- Budget Exceeded: When the limit is hit
- Daily Summary: Daily usage summary (optional)
Best Practices
Key Organization
| Strategy | Description | Use Case |
|---|---|---|
| Environment-based | Separate keys per environment | dev/staging/prod |
| Application-based | Separate keys per application | web-app/mobile-app/backend |
| Team-based | Separate keys per team | team-a/team-b/shared |
| Feature-based | Separate keys per feature | chatbot/rag/agents |
Rotation Schedule
| Frequency | Recommended For |
|---|---|
| Weekly | High-security environments |
| Monthly | Standard production environments |
| Quarterly | Lower-risk applications |
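
An added example, not part of the platform's documentation or code: an offline audit that applies the rotation schedule above to the `created_at` and `last_used` fields returned by the key listing call. It assumes ISO 8601 timestamps, a null `last_used` for never-used keys, and 7/30/90 days for weekly/monthly/quarterly; `audit_keys`, `idle_days` and the sample keys are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Maximum key age per tier; the day counts are an assumed reading of the table.
ROTATION_DAYS = {"weekly": 7, "monthly": 30, "quarterly": 90}


def parse_ts(value):
    """Parse an ISO 8601 timestamp (assumed format); None means 'never'."""
    if value is None:
        return None
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def audit_keys(keys, now, schedule="monthly", idle_days=30):
    """Return (key name, finding) pairs for keys that need attention."""
    max_age = timedelta(days=ROTATION_DAYS[schedule])
    idle = timedelta(days=idle_days)
    findings = []
    for key in keys:
        created = parse_ts(key["created_at"])
        last_used = parse_ts(key.get("last_used"))
        if now - created > max_age:
            findings.append((key["name"], "rotation overdue"))
        if last_used is None:
            # Never-used keys only count as idle once they are old enough.
            if now - created > idle:
                findings.append((key["name"], "never used: revoke"))
        elif now - last_used > idle:
            findings.append((key["name"], "idle: revoke"))
    return findings


# Constructed sample shaped like response.json()["keys"] from the listing call.
SAMPLE_KEYS = [
    {"name": "Production App", "created_at": "2024-01-10T09:00:00Z",
     "last_used": "2024-03-14T22:15:00Z"},
    {"name": "Staging", "created_at": "2024-03-01T09:00:00Z",
     "last_used": "2024-03-15T08:00:00Z"},
    {"name": "Old Prototype", "created_at": "2023-11-02T12:00:00Z",
     "last_used": None},
    {"name": "Batch Job", "created_at": "2024-03-05T12:00:00Z",
     "last_used": None},
]
NOW = datetime(2024, 3, 15, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for name, finding in audit_keys(SAMPLE_KEYS, NOW):
        print(f"{name}: {finding}")
```

To run it against live data, pass `response.json()["keys"]` from the listing call and `datetime.now(timezone.utc)` in place of the sample values.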
Monitoring Frequency
- Daily: Review usage for critical production keys
- Weekly: Check all keys for unusual activity
- Monthly: Comprehensive budget review and adjustment
Troubleshooting
Key Not Working After Update
Problem: 401 errors after updating permissions
Solution:
```python
# Clear any cached credentials
# In your application:
API_KEY = "en_new_key_xxxxxxxx"
```
Can't Find Key ID
Problem: Need the key ID but don't have it
Solution:
```python
# List all keys to find the ID
response = requests.get(
    "http://localhost/api-internal/v1/api-keys",
    headers={"Authorization": "Bearer YOUR_JWT_TOKEN"}
)
for key in response.json()["keys"]:
    if key["name"] == "Production App":
        print(f"Key ID: {key['id']}")
```
Budget Not Enforcing
Problem: Spending exceeds limit without rejection
Solution:
- Check that budget enforcement is enabled in platform settings
- Verify that budget values are correct (no typos like 10.00 vs 100.00)
- Ensure the correct key ID is being used
Next Steps
- Permissions - Learn about access control