Skip to main content
ModelSwitch uses two separate key types for two separate purposes: one for making AI inference requests, and one for managing your account programmatically.

Key types

Proxy keys

Prefix: ms-Used for all AI inference requests to /v1/* endpoints. This is the key you pass as Authorization: Bearer ms-... when calling the API.Create these in Dashboard → API Keys.

Billing keys

Prefix: mk-Used for account management requests to /api/* endpoints — checking your balance, listing transactions, managing subscriptions, and similar operations.Create these in Dashboard → Billing Keys.
Keep these two key types separate. Proxy keys cannot access billing endpoints, and billing keys cannot be used to make AI inference requests.

Key properties

Each key has the following attributes:
FieldDescription
idUnique numeric identifier
nameLabel you assign at creation — use this to identify keys by app or environment
prefixFirst 8 characters of the key, shown in the dashboard after creation
activeWhether the key can currently be used. Inactive keys return 403.
createdAtTimestamp when the key was created
expiresAtOptional expiry date. After this date the key is automatically deactivated.

Key lifecycle

1

Create the key

Go to Dashboard → API Keys (for proxy keys) or Dashboard → Billing Keys (for billing keys). Click Create key and give it a descriptive name.
2

Copy the full key immediately

The full key value is shown only once at creation time. Copy it and store it securely. After you close the dialog, only the 8-character prefix is visible.
3

Use the key

Pass the key in the Authorization header of your requests. See Authentication for details.
4

Rotate when needed

Create a new key, update your application to use it, then delete the old key. There is no downtime because both keys work simultaneously during the transition.
If you lose a key, you cannot recover it. Delete the lost key and create a new one. Treat all ms- and mk- keys as secrets — never commit them to source control.

Best practices

  • One key per environment. Use separate keys for development, staging, and production so you can revoke one without affecting the others.
  • Set expiry dates. For temporary access (contractors, one-off scripts), set an expiresAt when creating the key.
  • Delete unused keys. Fewer active keys means a smaller attack surface if a key is ever compromised.
  • Use environment variables. Store keys in environment variables or a secrets manager, not in your source code.
  • Monitor via security log. The Dashboard security log records key creation and deletion events.

Authentication

How to pass keys in API requests

Manage keys

Create, update, and delete keys via the API