> ## Documentation Index
> Fetch the complete documentation index at: https://docs.openp.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Create an API key

> Create an sk- token in the console and configure its permissions

An API key (token) is the credential for every API call. We recommend creating a separate one per app / environment for fine-grained control.

## Create a token

1. After signing in at [openp.ai](https://openp.ai), go to Console → **Tokens**.
2. Click **Add new token** in the top-right corner.
3. Fill in the token configuration:

| Field        | Required | Description                                                                     |
| ------------ | -------- | ------------------------------------------------------------------------------- |
| Name         | Yes      | For your own reference only, e.g. `my-app-prod`, `local-dev`.                   |
| Quota        | No       | The maximum amount this token may spend. `-1` means unlimited.                  |
| Expiry       | No       | Leave empty for no expiry. Set a short window for temporary test tokens.        |
| Model scope  | No       | A list of model IDs this token may call. Empty means all models on the account. |
| IP allowlist | No       | Only allow requests from the specified IPs (comma-separated).                   |
| Group        | No       | The group channel this token uses (affects multiplier and upstream).            |

4. Click **Submit**. The system generates a key like:

```
sk-J5g0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```

<Warning>The key is shown in full only once, at creation. Copy it immediately into a password manager or environment variable — **after you close the page you can't view it in full again** (only the first/last fragments).</Warning>

## Store the key safely

Recommended practices:

* **Local development**: write it to a `.env` file and add that to `.gitignore`.
* **Production**: use a secrets manager like Vault, AWS Secrets Manager or Doppler.
* **CI/CD**: inject it as a GitHub Actions / GitLab secret.
* **Never commit it to a Git repo** or paste it into chats / issues.

```bash .env theme={null}
OPENPAI_API_KEY=sk-J5g0xxxxxxxxxxxxxxxxxxxxxxxxxx
OPENPAI_BASE_URL=https://openp.ai/v1
```

## Manage existing tokens

In the **token list** you can, for each token:

* **Copy**: copy the full key again (only available briefly after creation).
* **Edit**: change the name, quota, expiry and model scope.
* **Disable / enable**: temporarily suspend it without deleting.
* **Delete**: permanently void it — requests using the key immediately return `401`.

<Tip>If you suspect a key has leaked, click **Disable** or **Delete** immediately, then create a new key to replace it. Unauthorized spend that already occurred can be reviewed via a support ticket.</Tip>

## Verify the key works

```bash theme={null}
curl https://openp.ai/v1/models \
  -H "Authorization: Bearer $OPENPAI_API_KEY"
```

If it returns a JSON model list, the key works.
If it returns `401`, check that the key was copied in full, isn't disabled, and hasn't expired.

## Next steps

<CardGroup cols={2}>
  <Card title="Top up" icon="wallet" href="/en/getting-started/top-up">
    Add credit to call all paid models.
  </Card>

  <Card title="Send your first request" icon="paper-plane" href="/en/getting-started/first-request">
    Make a Chat Completion with the key you just created.
  </Card>
</CardGroup>
