API Keys
Create, rotate, revoke keys. Plaintext key is shown only once.
API Key Security Policy
Limit keys by environment, spend, RPM, task, model, and IP. These settings create a safer path from free test to production traffic.
Separate prod, dev, and test keys to reduce blast radius.
Restrict a key to public commercial tasks or internal workflows.
Prevent accidental premium model spend from one leaked key.
Use RPM, IP, and monthly budgets for enterprise-grade control.
Safe free testing path
Start with low-risk keys, free task intelligence, and usage checks before customer traffic.
Do not place OneAI keys in browser code, mobile apps, screenshots, or public repos.
Validate business_strategy and content_engine before moving to paid Pro or Team tasks.
Set a monthly budget, then confirm requests, tokens, and model cost in Usage.
Create key
Name it by environment / service (e.g. prod_web, dev_cli, batch_worker).
Keys
Manage access and track last usage.