Developer Console
Unified model routing API
ConsoleKeysUse via headers: x-api-key or Authorization: Bearer

API Keys

Create, rotate, revoke keys. Plaintext key is shown only once.

Active keys
0
Not revoked
Production keys
0
Named prod/live
Revoked keys
0
Disabled permanently
Total keys
0
Across environments

API Key Security Policy

Limit keys by environment, spend, RPM, task, model, and IP. These settings create a safer path from free test to production traffic.

Environment

Separate prod, dev, and test keys to reduce blast radius.

Task allowlist

Restrict a key to public commercial tasks or internal workflows.

Model allowlist

Prevent accidental premium model spend from one leaked key.

IP and budget

Use RPM, IP, and monthly budgets for enterprise-grade control.

Safe free testing path

Start with low-risk keys, free task intelligence, and usage checks before customer traffic.

Keep keys server-side

Do not place OneAI keys in browser code, mobile apps, screenshots, or public repos.

Test free tasks first

Validate business_strategy and content_engine before moving to paid Pro or Team tasks.

Watch spend from day one

Set a monthly budget, then confirm requests, tokens, and model cost in Usage.

Create key

Name it by environment / service (e.g. prod_web, dev_cli, batch_worker).

Environment
Key name
Rate limit RPM
Monthly budget USD
Scopes
Allowed tasks
Allowed models
Allowed IPs

Keys

Manage access and track last usage.

Name
Env
Status
Prefix
Policy
Last used
Action
No keys yet. Create one above.
Tip: keep keys server-side. Use Quickstart and Usage to validate production traffic.