Create tenant API keys
Tenant API keys (often prefixed sk-) authenticate OpenAI-compatible HTTP (e.g. Chat Completions). Keys are created and revoked inside the tenant, separate from console member accounts.
Entry and prerequisites
- Sign in with a tenant-capable account and open the console (often Overview at
/dashboard). - In the sidebar, open Access & control → API keys at
/keys.
Create a key
On API keys, use Create (or equivalent). Typical fields:
| Field | Description |
|---|---|
| Note / description | Distinguish env, service name, etc. |
| Quota & reset | Daily/weekly/monthly caps with reset, or no reset (per UI). |
| Expiry | Short-lived trials or long-lived keys; expired keys stop working. |
| IP allowlist (optional) | Restrict to listed IPv4 sources; if enabled, ensure the real client IP is passed behind reverse proxies. |
| Model scope | Limit which models this key may call; disallowed models return a refusal-style response. |
After submit, the console usually shows the full plaintext key once. Copy it to a secure store (password manager, secrets vault, etc.); you cannot view plaintext again after leaving the page—only rotate or revoke later.
Use in applications
Send Authorization: Bearer <key> on HTTP calls; with @routerbrain/sdk, pass apiKey in the client constructor—see SDK quickstart.