Platform

Key Management

Create, configure, and manage proxy keys

Proxy keys control how your team accesses LLM providers through Enterprise Router. Each key can be scoped with provider restrictions, model allowlists, IP rules, rate limits, and spend caps.

Creating a key

In your dashboard, go to API Keys and click Create Key.

Required:

  • Name — a label for this key (e.g., backend-prod, data-team, staging)

Optional:

  • Allowed providers — restrict to specific providers (OpenAI, Anthropic, Gemini). Leave empty for all.
  • Allowed models — restrict to specific models. Supports glob patterns (e.g., gpt-4o* matches gpt-4o and gpt-4o-mini). Leave empty for all.
  • Allowed IPs — restrict to specific IP addresses or CIDR ranges. Leave empty for any IP.
  • Rate limit — maximum requests per minute for this key.
  • Spend limit — maximum dollar spend for this key, with an optional reset period (daily, weekly, monthly).
  • Expires at — automatic expiry date.

After creation, the raw key is shown once. Copy it immediately — it cannot be retrieved again. Only the key prefix (sk-proxy-a1b2...) is stored for identification.

Editing a key

Click the edit button on any key to modify its settings. You can change:

  • Name
  • Provider and model restrictions
  • IP allowlist
  • Rate limit
  • Spend limit and reset period

Changes take effect immediately for new requests.

Revoking a key

Click the revoke button to permanently disable a key. Revoked keys return 403 key_revoked on any request. This action cannot be undone.

Key lifecycle states

StatusMeaning
activeKey is usable
expiredPast its expiry date, automatically rejected
revokedManually disabled, permanently rejected

Best practices

  • One key per service or team — makes it easy to track usage and revoke access independently.
  • Set rate limits — protect against runaway scripts. Start with a reasonable RPM and increase as needed.
  • Use IP allowlists in production — restrict keys to your server IPs so stolen keys can’t be used elsewhere.
  • Set spend limits — prevent surprise bills from bugs or misuse. Use daily or weekly reset periods.
  • Rotate keys periodically — create a new key, update your service, then revoke the old one.

Management API

You can also manage keys programmatically using the management API:

  • POST /v1/keys — create a key
  • GET /v1/keys — list all keys in your org
  • PATCH /v1/keys/{id} — update a key
  • DELETE /v1/keys/{id} — revoke a key

See the API Reference for details.