API Keys
Programmatically create, list, update, and delete API keys.
Overview
The Keys API allows you to manage API keys programmatically. This is useful for creating keys for sub-users, rotating keys, and enforcing per-key budgets and scopes.
All key management endpoints require a management key (allroutes_mgmt_) or a secret key with the keys:manage scope.
Create a Key
POST https://api.allroutes.ai/v1/keys
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Human-readable label for the key |
scopes | array | No | Permission scopes (defaults to all scopes) |
rate_limit_rpm | integer | No | Requests per minute limit |
daily_budget_usd | float | No | Maximum daily spend in USD |
monthly_budget_usd | float | No | Maximum monthly spend in USD |
allowed_models | array | No | Restrict key to specific model IDs |
expires_at | string | No | ISO 8601 expiration timestamp |
Example
curl -X POST https://api.allroutes.ai/v1/keys \
-H "Authorization: Bearer allroutes_mgmt_..." \
-H "Content-Type: application/json" \
-d '{
"name": "Production Backend",
"scopes": ["chat:completions", "embeddings", "models:read"],
"rate_limit_rpm": 600,
"daily_budget_usd": 50.00,
"monthly_budget_usd": 1000.00,
"allowed_models": ["gpt-4o", "claude-sonnet-4-20250514"],
"expires_at": "2026-12-31T23:59:59Z"
}'
Response
{
"id": "key_abc123",
"key": "allroutes_sk_live_a1b2c3d4e5f6...",
"name": "Production Backend",
"scopes": ["chat:completions", "embeddings", "models:read"],
"rate_limit_rpm": 600,
"daily_budget_usd": 50.00,
"monthly_budget_usd": 1000.00,
"allowed_models": ["gpt-4o", "claude-sonnet-4-20250514"],
"expires_at": "2026-12-31T23:59:59Z",
"created_at": "2026-04-05T10:00:00Z",
"is_active": true
}
The key field is only returned once at creation time. Store it securely.
List Keys
GET https://api.allroutes.ai/v1/keys
Returns all API keys for your organization (key values are masked).
Query Parameters
| Parameter | Type | Description |
|---|---|---|
active | boolean | Filter by active/inactive status |
limit | integer | Max results per page (default: 50) |
offset | integer | Pagination offset |
Example
curl https://api.allroutes.ai/v1/keys \
-H "Authorization: Bearer allroutes_mgmt_..."
Response
{
"data": [
{
"id": "key_abc123",
"name": "Production Backend",
"key_prefix": "allroutes_sk_live_a1b2...",
"scopes": ["chat:completions", "embeddings", "models:read"],
"rate_limit_rpm": 600,
"daily_budget_usd": 50.00,
"monthly_budget_usd": 1000.00,
"usage_today_usd": 12.34,
"usage_month_usd": 456.78,
"is_active": true,
"created_at": "2026-04-05T10:00:00Z",
"last_used_at": "2026-04-05T14:30:00Z"
}
],
"total": 1
}
Update a Key
PATCH https://api.allroutes.ai/v1/keys/:id
Update key properties. Only fields included in the request body are modified.
Request Body
| Field | Type | Description |
|---|---|---|
name | string | Updated label |
scopes | array | Updated permission scopes |
rate_limit_rpm | integer | Updated RPM limit |
daily_budget_usd | float | Updated daily budget |
monthly_budget_usd | float | Updated monthly budget |
allowed_models | array | Updated model restrictions |
expires_at | string | Updated expiration |
is_active | boolean | Enable or disable the key |
Example
curl -X PATCH https://api.allroutes.ai/v1/keys/key_abc123 \
-H "Authorization: Bearer allroutes_mgmt_..." \
-H "Content-Type: application/json" \
-d '{
"rate_limit_rpm": 1200,
"monthly_budget_usd": 2000.00
}'
Delete a Key
DELETE https://api.allroutes.ai/v1/keys/:id
Permanently revokes and deletes an API key. This action cannot be undone.
curl -X DELETE https://api.allroutes.ai/v1/keys/key_abc123 \
-H "Authorization: Bearer allroutes_mgmt_..."
Response
{
"id": "key_abc123",
"deleted": true
}
Error Codes
| Status | Description |
|---|---|
400 | Invalid request body |
401 | Missing or invalid authentication |
403 | Key does not have keys:manage scope |
404 | Key not found |
409 | Key name already exists in organization |
See Also
- Authentication -- key types, scopes, and prefixes
- Billing & Credits -- per-key budget enforcement
- Guardrails -- per-key model allowlists and compliance profiles