Key Management API
Manage API keys programmatically. Create keys for your team members, update budgets, rotate keys, and clean up unused keys -- all through the API.
These endpoints are designed for programmatic access. We recommend using a service account key rather than a personal key -- service account keys belong to the team (not a user), so you can separate API management from keys that are tied to budgets.
Create a key
curl -X POST https://api.haimaker.ai/key/generate \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "team_id": "your-team-id",
    "key_alias": "my-new-key",
    "models": ["openai/gpt-4o", "anthropic/claude-sonnet-4-20250514"],
    "max_budget": 50,
    "budget_duration": "30d",
    "duration": "90d"
  }'
Response:
{
  "key": "sk-generated-key-value",
  "key_name": "sk-gene...alue",
  "expires": "2025-06-15T00:00:00Z",
  "token_id": "abc123..."
}
Parameters
| Parameter | Type | Description |
|---|---|---|
| team_id | string | Required. Team to associate the key with. |
| key_alias | string | Human-readable name |
| models | string[] | Allowed models. [] = all models. |
| max_budget | float | Max spend in USD |
| budget_duration | string | Budget reset period: "30s", "30m", "30h", "30d" |
| duration | string | Key validity: "30d", "90d", "-1" (never expires) |
| rpm_limit | int | Requests per minute |
| tpm_limit | int | Tokens per minute |
| model_max_budget | object | Per-model budgets: {"openai/gpt-4o": {"budget_limit": 10, "time_period": "30d"}} |
| model_rpm_limit | object | Per-model RPM: {"openai/gpt-4o": 100} |
| model_tpm_limit | object | Per-model TPM: {"openai/gpt-4o": 100000} |
| metadata | object | Arbitrary key-value pairs |
| tags | string[] | Tags for spend tracking |
| soft_budget | float | Triggers an alert when reached (does not block requests) |
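A pre-flight check for the request body above, as an added example that is not haimaker's own code: it flags settings from the parameter table that leave a key broader than it needs to be (models left as [], duration "-1", no max_budget, no rate limit). The 90-day lifetime ceiling, the function names and the rule that every one of these fields must be set explicitly are assumptions of this example, not API behaviour.

```python
import re

# Assumed local policy for this example, not a haimaker default.
MAX_KEY_LIFETIME_DAYS = 90
_UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def duration_seconds(value):
    """Parse the "30s" / "30m" / "30h" / "30d" form; None if it does not match."""
    m = re.fullmatch(r"(\d+)([smhd])", str(value))
    return int(m.group(1)) * _UNIT_SECONDS[m.group(2)] if m else None

def review_key_request(body):
    """Return least-privilege findings for a /key/generate request body."""
    findings = []
    if not body.get("team_id"):
        findings.append("team_id: required")
    # [] means all models per the parameter table; this policy also rejects
    # an omitted list (assumption) so the allowed models are always explicit.
    if not body.get("models"):
        findings.append("models: empty or missing, key is not limited to named models")
    budget = body.get("max_budget")
    if isinstance(budget, bool) or not isinstance(budget, (int, float)) or budget <= 0:
        findings.append("max_budget: set a positive hard cap in USD")
    duration = body.get("duration")
    if duration is None:
        findings.append("duration: set an explicit expiry")
    elif str(duration) == "-1":
        findings.append('duration: "-1" means the key never expires')
    elif (secs := duration_seconds(duration)) is None:
        findings.append(f"duration: unrecognised value {duration!r}")
    elif secs > MAX_KEY_LIFETIME_DAYS * 86400:
        findings.append(f"duration: longer than the {MAX_KEY_LIFETIME_DAYS}d policy ceiling")
    if "rpm_limit" not in body and "tpm_limit" not in body:
        findings.append("rate limit: neither rpm_limit nor tpm_limit is set")
    return findings

# Constructed sample bodies; the first mirrors the curl example on this page.
PAGE_EXAMPLE = {"team_id": "your-team-id", "key_alias": "my-new-key",
                "models": ["openai/gpt-4o", "anthropic/claude-sonnet-4-20250514"],
                "max_budget": 50, "budget_duration": "30d", "duration": "90d"}
RISKY = {"team_id": "your-team-id", "key_alias": "ci", "models": [], "duration": "-1"}

if __name__ == "__main__":
    for name, body in (("page example", PAGE_EXAMPLE), ("risky", RISKY)):
        print(name, review_key_request(body) or "ok")
```

Run it in CI or a wrapper script before the POST to /key/generate, and fail the job when the returned list is not empty.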
Update a key
Update budget, rate limits, allowed models, or metadata on an existing key.
curl -X POST https://api.haimaker.ai/key/update \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "key": "sk-key-to-update",
    "max_budget": 200,
    "models": ["openai/gpt-4o", "anthropic/claude-sonnet-4-20250514", "deepseek/deepseek-v3"],
    "rpm_limit": 500
  }'
All fields are optional -- only include what you want to change.
Updatable fields
Budget and limits: max_budget, budget_duration, soft_budget, model_max_budget, rpm_limit, tpm_limit, model_rpm_limit, model_tpm_limit, max_parallel_requests
Access: models, blocked, metadata, tags
Key lifecycle: key_alias, duration
Get key info
# Info about a specific key
curl "https://api.haimaker.ai/key/info?key=sk-key-to-check" \
  -H "Authorization: Bearer YOUR_API_KEY"

# Info about the calling key itself (omit ?key=)
curl "https://api.haimaker.ai/key/info" \
  -H "Authorization: Bearer sk-key-to-check"
Response includes: key_alias, models, max_budget, spend, expires, team_id, rpm_limit, tpm_limit, and more.
List keys
curl "https://api.haimaker.ai/key/list?team_id=your-team-id&page=1&size=20" \
  -H "Authorization: Bearer YOUR_API_KEY"
| Query parameter | Description |
|---|---|
| team_id | Filter by team |
| user_id | Filter by user |
| page | Page number (default: 1) |
| size | Page size, max 100 (default: 10) |
| key_hash | Filter by specific key hash |
Delete a key
curl -X POST https://api.haimaker.ai/key/delete \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "keys": ["sk-key-to-delete"]
  }'
You can also delete by alias:
curl -X POST https://api.haimaker.ai/key/delete \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "key_aliases": ["my-old-key"]
  }'
Regenerate a key
Replace an existing key with a new secret while preserving all its settings (budget, models, rate limits).
curl -X POST https://api.haimaker.ai/key/regenerate \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "key": "sk-old-key-value"
  }'
The old key stops working immediately. The response contains the new key value.
You can also update settings during regeneration by including fields like max_budget, duration, etc. in the request body.
Service account keys
For CI/CD, background jobs, or any integration that should not be tied to a specific user, use a service account key instead.