Skip to main content

Overview

ARouter uses two types of keys:
Key TypePrefixPurpose
Management Keylr_mgmt_xxxxCreate, list, update, and delete API keys via the management API.
API Keylr_live_xxxxMake LLM requests (chat completions, embeddings, etc.).
Management keys can create API keys with scoped access:
  • Allowed providers โ€” e.g. only OpenAI and Anthropic
  • Allowed models โ€” e.g. only gpt-5.4 and claude-sonnet-4.6
  • Spending limits โ€” max budget per day/week/month
  • Expiry โ€” auto-expire after a date
Management Key: lr_mgmt_abc123
  โ”œโ”€โ”€ API Key 1: lr_live_def456  (OpenAI+Anthropic, $150/month, expires Dec 2025)
  โ”œโ”€โ”€ API Key 2: lr_live_ghi789  (DeepSeek only, $50/day)
  โ””โ”€โ”€ API Key 3: lr_live_jkl012  (all providers, unlimited)

Create an API Key

curl -X POST https://api.arouter.ai/api/v1/keys \
  -H "Authorization: Bearer lr_mgmt_xxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "production-backend",
    "allowed_providers": ["openai", "anthropic"],
    "allowed_models": ["gpt-5.4", "claude-sonnet-4.6"],
    "limit": 150,
    "limit_reset": "monthly",
    "expires_at": "2025-12-31T23:59:59Z"
  }'
The key field is only returned once at creation time. Store it securely โ€” you cannot retrieve it later.

Response

{
  "data": {
    "hash": "abc123...",
    "name": "production-backend",
    "key_type": "regular",
    "disabled": false,
    "limit": 150,
    "limit_remaining": 150,
    "limit_reset": "monthly",
    "allowed_providers": ["openai", "anthropic"],
    "allowed_models": ["gpt-5.4", "claude-sonnet-4.6"],
    "usage": 0,
    "created_at": "2025-01-15T10:30:00Z",
    "expires_at": "2025-12-31T23:59:59Z"
  },
  "key": "lr_live_xxxxxxxxxxxxxxxx"
}

List API Keys

curl "https://api.arouter.ai/api/v1/keys?page_size=20" \
  -H "Authorization: Bearer lr_mgmt_xxxx"
Supports pagination with page_size, page_token, and offset query parameters.

Update an API Key

curl -X PATCH https://api.arouter.ai/api/v1/keys/KEY_HASH \
  -H "Authorization: Bearer lr_mgmt_xxxx" \
  -H "Content-Type: application/json" \
  -d '{"disabled": true}'
You can update name, disabled, limit, limit_reset, allowed_providers, and allowed_models.

Delete an API Key

curl -X DELETE https://api.arouter.ai/api/v1/keys/KEY_HASH \
  -H "Authorization: Bearer lr_mgmt_xxxx"
Deleted keys are immediately invalidated and cannot be restored.

Use Cases

ScenarioConfiguration
Per-service isolationOne API key per microservice with specific model access
Cost controlSpending limits per team or environment
Temporary accessShort-lived keys with expires_at for contractors
Provider lockdownRestrict staging to cheap models only
Rate protectionAdjust limits per key via the dashboard