Getting started
Authentication
API keys, headers, and key hygiene.
Every request needs your API key in the Authorization header:
text
Authorization: Bearer sk-...
Keys are created and managed in the dashboard.
Key hygiene #
- Treat keys like passwords: server-side only, never in browser code or public repos.
- Give each app, IDE, or agent its own key with its own budget and model allowlist — an agent gone wild can't drain your whole balance.
- If a key leaks, delete it in the dashboard. Revocation is immediate.
- Prefer environment variables (
ROUTERPLEX_API_KEY) over hardcoding.