API Key
Last updated: February 16, 2026
An API key is a unique identifier used to authenticate requests to an application programming interface (API). It is typically a long alphanumeric string issued by a service provider that grants the holder access to specific API endpoints. API keys are one of the simplest forms of API authentication and are widely used across the AI and cloud computing ecosystem.
Why It Matters
API keys are the primary way AI assistants connect to model providers like Anthropic, OpenAI, Google, and others. Every time your assistant generates a response, it sends your API key to the provider to authenticate the request and track usage against your billing account. A leaked API key can result in unauthorized usage, unexpected charges, and potential access to your account's resources. Proper key management is therefore critical for any AI deployment.
How It Works
When you sign up with a model provider, you generate one or more API keys from their dashboard. Your AI assistant stores these keys in its configuration and includes them in the headers of every API request. The provider validates the key, checks rate limits and quotas, processes the request, and returns the result. Most providers use the Authorization header or a custom header like x-api-key for key transmission.
API keys differ from bearer tokens in their typical usage pattern. While bearer tokens often authenticate user sessions or internal service communication, API keys usually authenticate an entire application or deployment with an external service. Some providers offer both project-level and user-level keys with different permission scopes.
In Practice
During AI assistant onboarding, the setup wizard collects your model provider API key and stores it securely in the gateway configuration. Never expose API keys in client-side code, URLs, or logs. Use environment variables for keys that must persist across redeployments. Most providers allow you to create multiple keys and revoke compromised ones individually, so generate separate keys for development and production environments.