API Key Management

What is an API Key

An API Key is your credential for calling LLM APIs, formatted as a string starting with sk-. All API requests must include a valid API Key in the Authorization header.

Tip

When you register an account, the system automatically creates an initial API Key for you. After topping up, you can use it for testing and development.

Create API Key

You can create multiple API Keys for different projects or purposes:

  1. Go to Token Management Page

    After logging in, click "Tokens" in the console sidebar to enter the API Key management page.

  2. Click "New Token"

    On the token management page, click the "New Token" button.

  3. Configure Key Parameters

    Fill in the following information:

    • Name — Give the Key a recognizable name (e.g., "Project A Dev Environment")
    • Quota — Set a usage cap for this Key, or select "Unlimited Quota"
    • Expiration Time — Set the Key's validity period; it will automatically expire
    • Model Restrictions — Optionally restrict this Key to only access specific models
    • IP Whitelist — Restrict Key usage to specific IP addresses only
    • Group — Select the group this Key belongs to, which affects the available model range
  4. Save and Copy Key

    After creation, immediately copy and save the complete API Key. For security reasons, the full Key is only displayed once at creation time.

Important

After creating an API Key, the complete sk- key is only displayed once at creation time. Please copy and save it immediately. If lost, you will need to create a new Key.

Manage Existing Keys

On the token management page, you can view and manage all your created API Keys:

Action Description
View View Key basic information, remaining quota, and usage
Edit Modify Key name, quota, expiration time, model restrictions, and other settings
Enable/Disable Temporarily disable a Key without deleting it; can be re-enabled at any time
View Full Key View the complete sk- key after identity verification
Delete Permanently delete a Key that is no longer in use

Key Configuration Details

Quota Settings

Each Key can have an individual usage cap:

  • Limited Quota — Set a specific quota value (e.g., 500,000); the Key is automatically disabled when exhausted
  • Unlimited Quota — No cap, directly uses the total account balance

Quota is measured in Tokens. 1 USD is approximately equal to 500,000 Tokens (subject to platform settings).

Model Access Restrictions

You can restrict a Key to only access specific models:

  • No restriction — The Key can access all available models
  • Specified models — Only the models you select can be called; other models will be rejected

This is particularly useful for team collaboration — you can create Keys with different model scopes for different team members.

IP Restrictions

Set the IP addresses or IP ranges allowed to use this Key (comma-separated). Leave empty for no restriction. Setting an IP whitelist is strongly recommended for production environments.

Expiration Time

Set the Key's expiration deadline:

  • -1 (Never Expires) — The Key remains valid until manually disabled or deleted
  • Specific Timestamp — The Key automatically becomes "Expired" at the specified time

Security Best Practices

Security Notice
  • API Key is equivalent to a password — Anyone with the Key can consume your account balance; never share it publicly
  • Do not hardcode Keys in your code — Use environment variables or configuration files to manage Keys
  • Do not commit Keys to Git repositories — Add configuration files containing Keys to .gitignore
  • Enable IP whitelist in production — Restrict usage to only your server IPs
  • Create separate Keys for different projects — Makes it easier to manage quotas and monitor usage individually
  • Rotate Keys regularly — Create new Keys and deprecate old ones periodically
  • Set reasonable quota limits — Prevent a single Key from consuming excessive credits

Monitor Key Usage

You can monitor API Key usage through the following methods:

  • Token Management Page — View remaining and used quota for each Key
  • Usage Logs — View detailed records of each API call (model, Token consumption, cost)
  • Dashboard — View credit and request volume trend charts

You can also query Key usage via the API:

curl https://api.shallowseek.top/api/usage/token/ \
  -H "Authorization: Bearer sk-your-api-key"