API Keys

API keys authenticate API and tool requests. Treat every key like a password.

Create a separate key for each application, tool, device, or environment:

Codex - Laptop
OpenClaw - Home
Chat Client
Development

This makes usage easier to identify and lets you revoke one integration without interrupting the others.

Create a key

  1. Sign in to the GetRouter console.
  2. Open the API keys or tokens page.
  3. Create a key with a descriptive name.
  4. Apply an expiration date, quota, model restriction, or IP restriction if those options are appropriate for the integration.
  5. Copy the key and store it in a password manager or secret manager.

Use keys safely

  • Use environment variables or a tool's protected credential store.
  • Never commit keys to Git, paste them into support tickets, or expose them in browser code.
  • Avoid sharing one key across multiple tools or people.
  • Review usage logs after connecting a new tool.
  • Revoke and replace a key immediately if it may have leaked.

Revoke a compromised key

  1. Disable or delete the key in the console.
  2. Create a replacement key.
  3. Update only the affected integration.
  4. Review usage and billing records for unexpected requests.
  5. Rotate any other key that was stored in the same exposed file or message.