Skip to content

API Keys

Create and manage API keys for authentication.

API Key Prefixes

PrefixTypeDescription
gw_dev_DevelopmentFor testing, limited rate limits
gw_prod_ProductionFor production use
gw_admin_AdminFull management access
gw_tenant_TenantMulti-tenant customer keys

List API Keys

Endpoint

GET /v1/management/api-keys

Example

bash
curl https://api.gateflow.ai/v1/management/api-keys \
  -H "Authorization: Bearer gw_admin_..."

Response

json
{
  "object": "list",
  "data": [
    {
      "id": "key_abc123",
      "name": "production-key",
      "prefix": "gw_prod_",
      "created_at": "2026-02-01T10:00:00Z",
      "last_used_at": "2026-02-16T09:45:00Z",
      "status": "active",
      "rate_limits": {
        "rpm": 1000,
        "tpm": 100000
      },
      "permissions": ["chat", "embeddings", "audio"]
    },
    {
      "id": "key_def456",
      "name": "development-key",
      "prefix": "gw_dev_",
      "created_at": "2026-01-15T10:00:00Z",
      "last_used_at": "2026-02-15T14:30:00Z",
      "status": "active",
      "rate_limits": {
        "rpm": 100,
        "tpm": 10000
      },
      "permissions": ["chat", "embeddings"]
    }
  ]
}

Create API Key

Endpoint

POST /v1/management/api-keys

Request Body

ParameterTypeRequiredDescription
namestringYesDescriptive name
typestringNodev, prod, or admin (default: prod)
permissionsarrayNoAllowed operations
rate_limitsobjectNoCustom rate limits
expires_atstringNoExpiration timestamp
allowed_modelsarrayNoRestrict to specific models
allowed_ipsarrayNoIP allowlist

Example

bash
curl -X POST https://api.gateflow.ai/v1/management/api-keys \
  -H "Authorization: Bearer gw_admin_..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "backend-service",
    "type": "prod",
    "permissions": ["chat", "embeddings"],
    "rate_limits": {
      "rpm": 500,
      "tpm": 50000,
      "daily_requests": 10000
    },
    "allowed_models": ["gpt-5.2", "gpt-5-mini", "text-embedding-3-large"]
  }'

Response

json
{
  "id": "key_xyz789",
  "name": "backend-service",
  "key": "gw_prod_abc123xyz789...",
  "prefix": "gw_prod_",
  "created_at": "2026-02-16T10:00:00Z",
  "status": "active",
  "rate_limits": {
    "rpm": 500,
    "tpm": 50000,
    "daily_requests": 10000
  },
  "permissions": ["chat", "embeddings"],
  "allowed_models": ["gpt-5.2", "gpt-5-mini", "text-embedding-3-large"]
}

WARNING

The full API key is only shown once at creation. Store it securely.

Get API Key

Endpoint

GET /v1/management/api-keys/{key_id}

Example

bash
curl https://api.gateflow.ai/v1/management/api-keys/key_abc123 \
  -H "Authorization: Bearer gw_admin_..."

Response

json
{
  "id": "key_abc123",
  "name": "production-key",
  "prefix": "gw_prod_",
  "created_at": "2026-02-01T10:00:00Z",
  "last_used_at": "2026-02-16T09:45:00Z",
  "status": "active",
  "rate_limits": {
    "rpm": 1000,
    "tpm": 100000
  },
  "permissions": ["chat", "embeddings", "audio"],
  "usage": {
    "requests_today": 2500,
    "tokens_today": 450000,
    "cost_today_usd": 4.50
  }
}

Update API Key

Endpoint

PATCH /v1/management/api-keys/{key_id}

Example

bash
curl -X PATCH https://api.gateflow.ai/v1/management/api-keys/key_abc123 \
  -H "Authorization: Bearer gw_admin_..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "production-key-v2",
    "rate_limits": {
      "rpm": 2000,
      "tpm": 200000
    }
  }'

Response

json
{
  "id": "key_abc123",
  "name": "production-key-v2",
  "rate_limits": {
    "rpm": 2000,
    "tpm": 200000
  },
  "updated_at": "2026-02-16T10:30:00Z"
}

Rotate API Key

Generate a new key while keeping the same settings.

Endpoint

POST /v1/management/api-keys/{key_id}/rotate

Request Body

ParameterTypeDescription
grace_period_hoursintegerHours to keep old key valid (default: 24)

Example

bash
curl -X POST https://api.gateflow.ai/v1/management/api-keys/key_abc123/rotate \
  -H "Authorization: Bearer gw_admin_..." \
  -H "Content-Type: application/json" \
  -d '{
    "grace_period_hours": 48
  }'

Response

json
{
  "id": "key_abc123",
  "new_key": "gw_prod_newkey123...",
  "old_key_expires_at": "2026-02-18T10:00:00Z",
  "rotated_at": "2026-02-16T10:00:00Z"
}

Revoke API Key

Endpoint

POST /v1/management/api-keys/{key_id}/revoke

Example

bash
curl -X POST https://api.gateflow.ai/v1/management/api-keys/key_abc123/revoke \
  -H "Authorization: Bearer gw_admin_..."

Response

json
{
  "id": "key_abc123",
  "status": "revoked",
  "revoked_at": "2026-02-16T10:00:00Z"
}

Delete API Key

Permanently delete an API key.

Endpoint

DELETE /v1/management/api-keys/{key_id}

Example

bash
curl -X DELETE https://api.gateflow.ai/v1/management/api-keys/key_abc123 \
  -H "Authorization: Bearer gw_admin_..."

Response

json
{
  "id": "key_abc123",
  "deleted": true
}

API Key Permissions

PermissionDescription
chatChat completions API
embeddingsEmbeddings API
audioAudio transcription and speech
filesFile upload and management
modelsList models
managementManagement API access
adminFull admin access

Setting Permissions

bash
curl -X POST https://api.gateflow.ai/v1/management/api-keys \
  -H "Authorization: Bearer gw_admin_..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "chat-only-key",
    "permissions": ["chat", "models"]
  }'

Errors

CodeDescription
400Invalid parameters
401Invalid admin key
403Insufficient permissions
404API key not found
429Rate limit exceeded

See Also

Built with reliability in mind.