Overview
Authentication
All OneRouter API requests are authenticated using Bearer tokens (API keys). This page covers key creation, usage, and security best practices.
Bearer Token Authentication
Include your API key in the Authorization header of every request:
http
Authorization: Bearer sk-your-api-key-hereCreating API Keys
- Log in to the OneRouter Dashboard
- Navigate to API Keys in the sidebar
- Click + New Key
- Give your key a descriptive name (e.g., "production-backend", "dev-testing")
- Optionally set a monthly spend limit and allowed models
- Copy the key immediately — it will not be shown again
Your API key is shown only once. Store it securely — we cannot recover it. If lost, generate a new key and revoke the old one.
Key Scoping & Permissions
Each API key can be scoped to specific permissions:
- Models: Restrict which models the key can access
- Monthly budget: Set a hard spending cap that auto-disables the key
- IP whitelisting: Only allow requests from specific IP ranges
- Rate limiting: Custom RPM/TPM limits per key
Using Environment Variables
Always use environment variables in production — never hardcode keys:
python
import os
from openai import OpenAI
client = OpenAI(
api_key=os.environ["ONEROUTER_API_KEY"],
base_url="https://api.onerouter.app/v1",
)Revoking & Rotating Keys
You can revoke any API key instantly from the Dashboard. We recommend rotating keys every 90 days and immediately revoking any key you suspect has been compromised.