API Keys
API keys are used to authenticate requests to the Apertis API. This guide explains how to obtain, manage, and secure your API keys.
Obtaining Your API Key
- Sign up or log in to your account at Apertis
- Navigate to API Keys section in the dashboard
- Click Create New Key to generate a new API key
- Copy and securely store your API key - it will only be shown once
Your API key is displayed only once upon creation. Store it securely immediately. If you lose your key, you'll need to create a new one.
API Key Format
Apertis API keys follow this format:
sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
- Prefix:
sk-(standard key) orsk-sub-(subscription key) - Length: 32+ characters after the prefix
- Characters: Alphanumeric (a-z, A-Z, 0-9)
Using Your API Key
Authentication Methods
Apertis supports two authentication methods:
| Method | Header | Example |
|---|---|---|
| Bearer Token | Authorization | Authorization: Bearer sk-your-api-key |
| API Key | x-api-key | x-api-key: sk-your-api-key |
Both methods work across all endpoints. The x-api-key header provides compatibility with Anthropic SDKs.
Example: Bearer Token (OpenAI SDKs)
curl https://api.apertis.ai/v1/chat/completions \
-H "Authorization: Bearer sk-your-api-key" \
-H "Content-Type: application/json" \
-d '{
"model": "gpt-4.1",
"messages": [{"role": "user", "content": "Hello!"}]
}'
Example: x-api-key (Anthropic SDKs)
curl https://api.apertis.ai/v1/messages \
-H "x-api-key: sk-your-api-key" \
-H "Content-Type: application/json" \
-d '{
"model": "claude-sonnet-4.5",
"max_tokens": 1024,
"messages": [{"role": "user", "content": "Hello!"}]
}'
When both headers are provided, Authorization takes precedence over x-api-key.
Python Example
from openai import OpenAI
client = OpenAI(
api_key="sk-your-api-key",
base_url="https://api.apertis.ai/v1"
)
response = client.chat.completions.create(
model="gpt-4.1",
messages=[{"role": "user", "content": "Hello!"}]
)
print(response.choices[0].message.content)
Node.js Example
import OpenAI from 'openai';
const client = new OpenAI({
apiKey: 'sk-your-api-key',
baseURL: 'https://api.apertis.ai/v1'
});
const response = await client.chat.completions.create({
model: 'gpt-4.1',
messages: [{ role: 'user', content: 'Hello!' }]
});
console.log(response.choices[0].message.content);
API Key Settings
Quota Management
Each API key has its own quota allocation:
| Setting | Description |
|---|---|
| Remaining Quota | Available balance for API calls |
| Used Quota | Total amount consumed |
| Unlimited | Option to set unlimited quota |
Model Restrictions
You can restrict which models an API key can access:
- All Models: Access to all available models (default)
- Specific Models: Whitelist only certain models
Example: Restrict a key to only use gpt-4.1 and claude-sonnet-4.5:
Model Whitelist: gpt-4.1, claude-sonnet-4.5
IP Whitelisting (Subnet Restrictions)
For enhanced security, you can restrict API key usage to specific IP addresses or subnets:
Allowed IPs: 192.168.1.0/24, 10.0.0.1
This ensures your API key can only be used from authorized networks.
Expiration Date
Set an expiration date for temporary or project-specific keys:
- Never Expire: Key remains valid indefinitely
- Custom Date: Key expires on a specific date
Types of API Keys
Standard API Keys (sk-)
- Created manually by users
- Configurable quota and restrictions
- Suitable for development and production use
Subscription API Keys (sk-sub-)
- Automatically generated for subscription plans
- Quota synced with subscription cycle
- Automatically reset when billing cycle renews
Best Practices
Security Guidelines
-
Never expose your API key in client-side code
// DON'T do this in frontend code
const apiKey = "sk-your-api-key"; // Exposed to users! -
Use environment variables
export APERTIS_API_KEY="sk-your-api-key"import os
api_key = os.environ.get("APERTIS_API_KEY") -
Rotate keys regularly - Create new keys periodically and deprecate old ones
-
Use separate keys for different environments
- Development key with limited quota
- Production key with appropriate restrictions
-
Enable IP whitelisting for production keys when possible
Quota Management Tips
- Monitor your usage regularly in the dashboard
- Set up alerts for low quota warnings
- Use model restrictions to prevent unexpected costs
- Consider using subscription plans for predictable budgeting
Managing Multiple Keys
You can create multiple API keys for different purposes:
| Use Case | Recommended Settings |
|---|---|
| Development | Low quota, all models, no IP restriction |
| Production | Higher quota, specific models, IP whitelist |
| Testing | Limited quota, expiration date set |
| Third-party Integration | Minimal quota, specific models only |
Revoking API Keys
To revoke an API key:
- Go to API Keys in your dashboard
- Find the key you want to revoke
- Click Delete or Disable
Revoking a key is immediate and cannot be undone. Any applications using that key will stop working immediately.
Troubleshooting
Common Issues
| Error | Cause | Solution |
|---|---|---|
401 Unauthorized | Invalid or missing API key | Check key is correct and included in header |
403 Forbidden | Key doesn't have access to model | Check model restrictions on your key |
429 Too Many Requests | Rate limit exceeded | Reduce request frequency or upgrade plan |
402 Payment Required | Quota exhausted | Add more quota or enable PAYG fallback |
Related Topics
- Subscription Plans - Learn about quota and billing
- Rate Limits - Understand request limits
- Error Codes - Complete error reference