Getting started

Authentication

API keys, headers, and key hygiene.

Every request needs your API key in the Authorization header:

text
Authorization: Bearer sk-...

Keys are created and managed in the dashboard.

Key hygiene #

  • Treat keys like passwords: server-side only, never in browser code or public repos.
  • Give each app, IDE, or agent its own key with its own budget and model allowlist — an agent gone wild can't drain your whole balance.
  • If a key leaks, delete it in the dashboard. Revocation is immediate.
  • Prefer environment variables (ROUTERPLEX_API_KEY) over hardcoding.