Service Account Keys
Service account keys belong to a team, not an individual user. Use them for CI/CD pipelines, background jobs, and long-lived integrations that should survive personnel changes.
Why use a service account key?
| | Regular key | Service account key |
|---|---|---|
| Belongs to | A user | A team |
| Budget tracking | User-level limits | Team-level limits |
| Deleted when user removed? | Yes | No |
| Requires team_id? | No | Yes |
Create a service account key
cURL:

```bash
curl https://api.haimaker.ai/key/service-account/generate \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "team_id": "your-team-id",
    "key_alias": "ci-pipeline",
    "models": [],
    "max_budget": 100,
    "budget_duration": "30d"
  }'
```

Python:

```python
import requests

resp = requests.post(
    "https://api.haimaker.ai/key/service-account/generate",
    headers={"Authorization": "Bearer YOUR_API_KEY"},
    json={
        "team_id": "your-team-id",
        "key_alias": "ci-pipeline",
        "models": [],
        "max_budget": 100,
        "budget_duration": "30d",
    },
)
print(resp.json()["key"])  # sk-...
```
The response includes the generated key (starts with sk-). Store it securely -- you won't be able to retrieve it again.
Required fields
| Field | Description |
|---|---|
| team_id | The team this key belongs to. Required. |
Optional fields
| Field | Description |
|---|---|
| key_alias | Human-readable name for the key |
| models | List of allowed models. Empty list = all models. |
| max_budget | Maximum spend limit (USD) |
| budget_duration | Budget reset period ("30s", "30m", "30h", "30d") |
| duration | Key expiration ("30d", "90d", etc.). Omit for no expiration. |
| rpm_limit | Requests per minute limit |
| tpm_limit | Tokens per minute limit |
| metadata | Arbitrary key-value pairs for your own tracking |
| tags | Tags for spend tracking |
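The following added example, which is not part of the original documentation or Haimaker's own code, builds a request that sets an explicit model allowlist and an expiration instead of relying on the permissive defaults in the tables above, and writes the returned key to an owner-only file rather than printing it. The helper names, the HAIMAKER_ADMIN_KEY environment variable, the output path, and the assumption that duration accepts the same unit suffixes as budget_duration are illustrative.

```python
import json, os, re, urllib.request

API_URL = "https://api.haimaker.ai/key/service-account/generate"  # endpoint from the page
# Assumption: duration takes the same s/m/h/d suffixes the page lists for budget_duration.
DURATION_RE = re.compile(r"^\d+[smhd]$")


def build_payload(team_id, key_alias, models, max_budget, duration,
                  budget_duration="30d", rpm_limit=None):
    """Build a request body that never falls back to the permissive defaults."""
    if not team_id:
        raise ValueError("team_id is required")
    if not models:
        # An empty list means "all models", so insist on an explicit allowlist.
        raise ValueError("models must name at least one allowed model")
    for name, value in (("duration", duration), ("budget_duration", budget_duration)):
        if not DURATION_RE.match(value or ""):
            # Omitting duration would yield a key that never expires.
            raise ValueError(f"{name} must look like '30d'")
    if max_budget <= 0:
        raise ValueError("max_budget must be positive")
    payload = {"team_id": team_id, "key_alias": key_alias, "models": list(models),
               "max_budget": max_budget, "budget_duration": budget_duration,
               "duration": duration}
    if rpm_limit is not None:
        payload["rpm_limit"] = rpm_limit
    return payload


def save_key(path, key):
    """Write the key once, owner-readable only; refuse to overwrite an existing file."""
    if not key.startswith("sk-"):
        raise ValueError("unexpected key format")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(key + "\n")


def create_key(admin_key, payload, out_path):
    """POST the payload and store the returned key without printing it."""
    req = urllib.request.Request(
        API_URL, data=json.dumps(payload).encode(), method="POST",
        headers={"Authorization": f"Bearer {admin_key}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        save_key(out_path, json.load(resp)["key"])


if __name__ == "__main__":
    body = build_payload("your-team-id", "ci-pipeline", ["openai/gpt-4o"], 100, "90d")
    create_key(os.environ["HAIMAKER_ADMIN_KEY"], body, "ci-pipeline.key")  # hypothetical names
```

In a CI/CD pipeline, replace the file write in save_key with a call to your secrets manager so the key never lands on a runner's disk.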
Use the key
Service account keys work exactly like regular API keys for making LLM requests:
```bash
curl https://api.haimaker.ai/v1/chat/completions \
  -H "Authorization: Bearer sk-SERVICE-ACCOUNT-KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "openai/gpt-4o",
    "messages": [{"role": "user", "content": "Hello"}]
  }'
```
Permissions
Service account keys have the same permissions as the team they belong to. They:
- Can call any model the team has access to
- Can use any auto-router assigned to the key
- Are subject to the team's budget and rate limits
Note: Service account keys have user_id set to null. Budget enforcement uses team-level limits, not user-level limits.
Managing service account keys
You can update, regenerate, and delete service account keys using the same key management endpoints as regular keys. The team_id cannot be removed from a service account key.