API Key Management

API Keys are used to authenticate access to the Chat2API proxy server. Create, manage, and use keys to protect your proxy endpoint.

Overview

When API Key authentication is enabled, all requests to the proxy must include a valid API Key.

Enable Authentication

  1. Navigate to API Keys from the sidebar
  2. Toggle Enable Authentication
  3. Create at least one API Key

Enable authentication before exposing the proxy to the network to prevent unauthorized access.

Create API Key

Steps

  1. Click New API Key button
  2. Enter a name (e.g., "Production", "Development")
  3. Add optional description
  4. Click Create

Key Format

API Key format:

sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Please store your API Key securely. Store keys in environment variables, not in code.

Using API Key

curl http://localhost:8080/v1/chat/completions \
  -H "Authorization: Bearer sk-xxxxxx" \
  -H "Content-Type: application/json" \
  -d '{"model": "gpt-4", "messages": [...]}'

Method 2: X-API-Key Header

curl http://localhost:8080/v1/chat/completions \
  -H "X-API-Key: sk-xxxxxx" \
  -H "Content-Type: application/json" \
  -d '{"model": "gpt-4", "messages": [...]}'

Method 3: URL Parameter

curl "http://localhost:8080/v1/chat/completions?api_key=sk-xxxxxx" \
  -H "Content-Type: application/json" \
  -d '{"model": "gpt-4", "messages": [...]}'

Using OpenAI SDK

from openai import OpenAI

client = OpenAI(
    api_key="sk-xxxxxx",
    base_url="http://localhost:8080/v1"
)

Managing Keys

View Keys

The API Keys page displays:

  • Key name
  • Key value (click to view full key)
  • Status (enabled/disabled)
  • Usage count
  • Created date

Copy Key

Click the copy button next to the key in the list to copy the full key.

Enable/Disable Key

  1. Find the key in the list
  2. Toggle the status switch
  3. Changes take effect immediately

Disabled keys will be rejected even if authentication is enabled.

Delete Key

  1. Find the key in the list
  2. Click Delete
  3. Confirm deletion

Deleting a key is permanent. Applications using that key will lose access.

Best Practices

PracticeDescription
Use Separate KeysCreate different keys for different applications for easier management and revocation
Regular RotationRotate keys periodically for better security, recommended every 90 days
Monitor UsageCheck logs regularly for unusual activity to detect security issues early
Disable Unused KeysDisable keys that are no longer needed to reduce security risks
Secure StorageStore keys in environment variables, not in code

Troubleshooting

Advanced Configuration

Configure advanced proxy settings including request timeout and retry count.

Model List

View all available AI models from your configured providers.

On this page

Overview
Enable Authentication
Create API Key
Steps
Key Format
Using API Key
Method 1: Authorization Header (Recommended)
Method 2: X-API-Key Header
Method 3: URL Parameter
Using OpenAI SDK
Managing Keys
View Keys
Copy Key
Enable/Disable Key
Delete Key
Best Practices
Troubleshooting