API keys authenticate programmatic requests and third-party clients. Treat them like access to your account quota.
Open API keys
Sign in and go to the API keys page.
Create a key
Set a name, optional quota limit, expiration time, model scope, and IP restrictions.
Copy the key
Store the sk- value securely. The full key may only be displayed once.
Security practices
- Use separate keys for development, production, and external clients.
- Set quota limits for temporary or third-party keys.
- Store keys in environment variables or a secret manager.
- Delete and recreate a key immediately if exposure is suspected.
Never place API keys in browser frontend code or public repositories.
Next steps