Overview
ARouter uses two types of keys:
| Key Type | Prefix | Purpose |
|---|---|---|
| Management Key | lr_mgmt_xxxx | Create, list, update, and delete API keys via the management API. |
| API Key | lr_live_xxxx | Make LLM requests (chat completions, embeddings, etc.). |
Management keys can create API keys with scoped access:
- Allowed providers — e.g. only OpenAI and Anthropic
- Allowed models — e.g. only gpt-4o and claude-sonnet-4-20250514
- Spending limits — max budget per day/week/month
- Expiry — auto-expire after a date
Management Key: lr_mgmt_abc123
├── API Key 1: lr_live_def456 (OpenAI+Anthropic, $150/month, expires Dec 2025)
├── API Key 2: lr_live_ghi789 (DeepSeek only, $50/day)
└── API Key 3: lr_live_jkl012 (all providers, unlimited)
Create an API Key
```bash
curl -X POST https://api.arouter.com/api/v1/keys \
  -H "Authorization: Bearer lr_mgmt_xxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "production-backend",
    "allowed_providers": ["openai", "anthropic"],
    "allowed_models": ["gpt-4o", "claude-sonnet-4-20250514"],
    "limit": 150,
    "limit_reset": "monthly",
    "expires_at": "2025-12-31T23:59:59Z"
  }'
```
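```python
import requests

resp = requests.post(
    "https://api.arouter.com/api/v1/keys",
    headers={"Authorization": "Bearer lr_mgmt_xxxx"},
    json={
        "name": "production-backend",
        "allowed_providers": ["openai", "anthropic"],
        "limit": 150,
        "limit_reset": "monthly",
        "expires_at": "2025-12-31T23:59:59Z",
    },
)
# Fail on an HTTP error status instead of reading "key" from an error body
resp.raise_for_status()
data = resp.json()
# "key" is a top-level field of the response, next to the "data" object
print("API Key:", data["key"])
```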
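```go
key, err := client.CreateKey(ctx, &arouter.CreateKeyRequest{
	Name:             "production-backend",
	AllowedProviders: []string{"openai", "anthropic"},
	Limit:            float64Ptr(150),
	LimitReset:       "monthly",
})
// Check the error before using key; an unused err does not compile in Go
if err != nil {
	log.Fatal(err)
}
fmt.Println("API Key:", key.Key)
```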
```javascript
const key = await router.createKey({
  name: "production-backend",
  allowed_providers: ["openai", "anthropic"],
  limit: 150,
  limit_reset: "monthly",
});
console.log("API Key:", key.key);
```
The key field is only returned once at creation time. Store it securely — you cannot retrieve it later.
Response
```json
{
  "data": {
    "hash": "abc123...",
    "name": "production-backend",
    "key_type": "regular",
    "disabled": false,
    "limit": 150,
    "limit_remaining": 150,
    "limit_reset": "monthly",
    "allowed_providers": ["openai", "anthropic"],
    "allowed_models": ["gpt-4o", "claude-sonnet-4-20250514"],
    "usage": 0,
    "created_at": "2025-01-15T10:30:00Z",
    "expires_at": "2025-12-31T23:59:59Z"
  },
  "key": "lr_live_xxxxxxxxxxxxxxxx"
}
```
List API Keys
```bash
curl "https://api.arouter.com/api/v1/keys?page_size=20" \
  -H "Authorization: Bearer lr_mgmt_xxxx"
```
Supports pagination with page_size, page_token, and offset query parameters.
Update an API Key
```bash
curl -X PATCH https://api.arouter.com/api/v1/keys/KEY_HASH \
  -H "Authorization: Bearer lr_mgmt_xxxx" \
  -H "Content-Type: application/json" \
  -d '{"disabled": true}'
```
You can update name, disabled, limit, limit_reset, allowed_providers, and allowed_models.
Delete an API Key
```bash
curl -X DELETE https://api.arouter.com/api/v1/keys/KEY_HASH \
  -H "Authorization: Bearer lr_mgmt_xxxx"
```
Deleted keys are immediately invalidated and cannot be restored.
Use Cases
| Scenario | Configuration |
|---|---|
| Per-service isolation | One API key per microservice with specific model access |
| Cost control | Spending limits per team or environment |
| Temporary access | Short-lived keys with expires_at for contractors |
| Provider lockdown | Restrict staging to cheap models only |
| Rate protection | Adjust limits per key via the dashboard |
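
An added example (not ARouter's own code): a small audit over key objects, such as those the list endpoint returns, that flags active keys missing the scoping controls from the table above. It assumes listed keys carry the same fields as the `data` object in the create response and that an unset restriction appears as null or an empty list; the sample keys and hashes are constructed.

```python
from datetime import datetime, timezone

# Constructed sample data. Assumptions: the list endpoint returns key objects
# shaped like "data" in the create response, and an unset restriction is
# null or an empty list.
SAMPLE_KEYS = [
    {"hash": "h-prod", "name": "production-backend", "disabled": False,
     "limit": 150, "allowed_providers": ["openai", "anthropic"],
     "allowed_models": ["gpt-4o", "claude-sonnet-4-20250514"],
     "expires_at": "2025-12-31T23:59:59Z"},
    {"hash": "h-batch", "name": "batch-jobs", "disabled": False,
     "limit": 50, "allowed_providers": ["deepseek"],
     "allowed_models": None, "expires_at": None},
    {"hash": "h-legacy", "name": "legacy", "disabled": False,
     "limit": None, "allowed_providers": [], "allowed_models": [],
     "expires_at": None},
    {"hash": "h-temp", "name": "contractor", "disabled": False,
     "limit": 20, "allowed_providers": ["openai"],
     "allowed_models": ["gpt-4o"], "expires_at": "2025-03-01T00:00:00Z"},
    {"hash": "h-old", "name": "retired", "disabled": True,
     "limit": None, "allowed_providers": [], "allowed_models": [],
     "expires_at": None},
]


def audit_key(key, now):
    """Return scoping findings for one key object (empty list = OK)."""
    if key.get("disabled"):
        return []  # already switched off; nothing to tighten
    findings = []
    if not key.get("allowed_providers"):
        findings.append("no provider restriction")
    if not key.get("allowed_models"):
        findings.append("no model restriction")
    if key.get("limit") is None:
        findings.append("no spending limit")
    expires = key.get("expires_at")
    if expires is None:
        findings.append("no expiry")
    elif datetime.fromisoformat(expires.replace("Z", "+00:00")) <= now:
        findings.append("expired, candidate for deletion")
    return findings


def audit(keys, now=None):
    """Map key hash -> findings, for keys that have at least one finding."""
    now = now or datetime.now(timezone.utc)
    results = {k["hash"]: audit_key(k, now) for k in keys}
    return {h: f for h, f in results.items() if f}
```

The result is keyed by hash so each finding can be acted on with the PATCH or DELETE calls shown earlier, which address keys as KEY_HASH.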