Authentication & API Keys

AICredits uses API keys for authenticating requests to the LLM proxy endpoints.

API Key Authentication

Pass your API key in the Authorization header using the Bearer scheme:

Authorization: Bearer sk-your-api-key-here

This header is required for all proxy endpoints (/v1/*). Dashboard API endpoints use JWT cookies instead (handled automatically by the browser).

Key Format

API keys follow the format sk- followed by 64 hexadecimal characters:

sk-a1b2c3d4e5f6...  (64 hex characters)

Keys are stored as SHA256 hashes in the database — AICredits never stores your raw key. The key is cached in Redis for 5 minutes for fast validation on every request.

Creating API Keys

The easiest way to create an API key is through the Dashboard → API Keys page. Click Create New Key, configure your options, and copy the key.

Key Options

Creating via API

You can also create keys programmatically using the dashboard API (/api/*) with JWT cookie authentication:

curl -X POST https://api.aicredits.in/api/api-keys \
  -H "Content-Type: application/json" \
  --cookie "token=your-jwt-token" \
  -d '{
    "name": "Production Key",
    "rate_limit": 100,
    "budget": 1000,
    "expires_at": "2026-12-31"
  }'

Security Best Practices

• Never expose keys in client-side code. Use environment variables and server-side proxies.
• Set budget limits on keys to control costs in case of accidental overuse or key compromise.
• Set expiration dates for short-lived use cases like demos or testing.
• Use separate keys for development and production environments.
• Rotate keys periodically. Delete old keys from the dashboard and create new ones.
• Store keys securely using environment variables or a secrets manager.

# Store your key as an environment variable
export AICREDITS_API_KEY="sk-your-key-here"

# Use it in your code
import os
from openai import OpenAI

client = OpenAI(
    base_url="https://api.aicredits.in/v1",
    api_key=os.environ["AICREDITS_API_KEY"],
)