API Keys
All API requests to TopRouter require authentication using an API key. This guide covers how to create, use, and manage your keys securely.
Creating an API Key
- Go to the API Keys page
- Click Create API Key
- Give your key a descriptive name (e.g., "Production", "Development")
- Copy and securely store the key — it will only be shown once
WARNING
Your API key is a secret. Never share it publicly, commit it to version control, or expose it in client-side code.
Using Your API Key
HTTP Header (Recommended)
Include your API key in the Authorization header:
bash
curl https://toprouter.cc/chat/completions \
-H "Authorization: Bearer sk-your-toprouter-key" \
-H "Content-Type: application/json" \
-d '{"model": "google/gemini-3.5-flash", "messages": [{"role": "user", "content": "Hello"}]}'OpenAI SDK
python
from openai import OpenAI
client = OpenAI(
api_key="sk-your-toprouter-key",
base_url="https://toprouter.cc"
)Environment Variables
For security, store your key in environment variables:
bash
# .env or shell profile
export OPENAI_API_KEY="sk-your-toprouter-key"
export OPENAI_BASE_URL="https://toprouter.cc"python
import os
from openai import OpenAI
client = OpenAI() # Reads from env vars automaticallySecurity Best Practices
- Never hardcode keys in source code
- Use environment variables or secret management services
- Rotate keys regularly — create new keys and revoke old ones
- Use separate keys for development and production
- Monitor usage in the Console to detect unauthorized use
- Restrict access — only share keys with trusted team members
Managing Keys
On the API Keys page, you can:
- View all active API keys
- Revoke compromised or unused keys
- Track usage per key
- Create new keys at any time