API Keys
API keys authenticate API and tool requests. Treat every key like a password.
Recommended setup
Create a separate key for each application, tool, device, or environment:
This makes usage easier to identify and lets you revoke one integration without interrupting the others.
Create a key
- Sign in to the GetRouter console.
- Open the API keys or tokens page.
- Create a key with a descriptive name.
- Apply an expiration date, quota, model restriction, or IP restriction if those options are appropriate for the integration.
- Copy the key and store it in a password manager or secret manager.
Use keys safely
- Use environment variables or a tool's protected credential store.
- Never commit keys to Git, paste them into support tickets, or expose them in browser code.
- Avoid sharing one key across multiple tools or people.
- Review usage logs after connecting a new tool.
- Revoke and replace a key immediately if it may have leaked.
Revoke a compromised key
- Disable or delete the key in the console.
- Create a replacement key.
- Update only the affected integration.
- Review usage and billing records for unexpected requests.
- Rotate any other key that was stored in the same exposed file or message.
