Skip to main content

API keys

API keys authenticate application requests to the UniKey gateway. The same platform-issued secret can be sent as a Bearer token or, where supported, through the x-api-key header.

Authentication headers

Authorization: Bearer $UNIKEY_API_KEY
x-api-key: $UNIKEY_API_KEY

Use Authorization: Bearer for OpenAI-compatible requests and either supported header for Anthropic-compatible Messages requests.

Store keys safely

Keep keys in environment variables or a managed secret store. Never ship them to a browser client, mobile app bundle, public repository, or public documentation.

export UNIKEY_API_KEY="sk-..."

Project isolation

Use separate API keys for different projects, environments, and teams. If one key is exposed, this limits the operational impact.

Rotate keys

Rotate keys when access changes, when a key is exposed, or before moving a prototype into production.

Migration guidance

If UniKey introduces a new API key format or security upgrade, create a new key, test it in a staging environment, replace the secret in your application or secret manager, and remove the old key after traffic is confirmed.