Overview

Authentication

All OneRouter API requests are authenticated using Bearer tokens (API keys). This page covers key creation, usage, and security best practices.

Bearer Token Authentication

Include your API key in the Authorization header of every request:

http
Authorization: Bearer sk-your-api-key-here

Creating API Keys

  1. Log in to the OneRouter Dashboard
  2. Navigate to API Keys in the sidebar
  3. Click + New Key
  4. Give your key a descriptive name (e.g., "production-backend", "dev-testing")
  5. Optionally set a monthly spend limit and allowed models
  6. Copy the key immediately — it will not be shown again
Your API key is shown only once. Store it securely — we cannot recover it. If lost, generate a new key and revoke the old one.

Key Scoping & Permissions

Each API key can be scoped to specific permissions:

  • Models: Restrict which models the key can access
  • Monthly budget: Set a hard spending cap that auto-disables the key
  • IP whitelisting: Only allow requests from specific IP ranges
  • Rate limiting: Custom RPM/TPM limits per key

Using Environment Variables

Always use environment variables in production — never hardcode keys:

python
import os
from openai import OpenAI

client = OpenAI(
    api_key=os.environ["ONEROUTER_API_KEY"],
    base_url="https://api.onerouter.app/v1",
)

Revoking & Rotating Keys

You can revoke any API key instantly from the Dashboard. We recommend rotating keys every 90 days and immediately revoking any key you suspect has been compromised.