Skip to main content
You can manage API keys from the dashboard UI or programmatically via the key management API.
Key management endpoints (/api/keys) require a billing key (mk-), not a proxy key (ms-). Create a billing key in Dashboard → Billing Keys.

Via the dashboard

1

Go to Dashboard → API Keys

Open the dashboard and navigate to API Keys.
2

Click 'Create key'

Give the key a name and optionally set an expiry date.
3

Copy the key

Copy the full key value — it’s only shown once. Store it somewhere safe before closing the dialog.

Via the API

List keys

curl https://modelswitch.io/api/keys \
  -H "Authorization: Bearer mk-YOUR_BILLING_KEY"

{
  "keys": [
    {
      "id": 1,
      "name": "Production",
      "prefix": "ms-abc1",
      "active": true,
      "createdAt": "2024-01-15T10:00:00Z"
    }
  ]
}
The response includes a prefix (the first characters of the key) so you can identify keys without storing the full value.

Create a key

curl -X POST https://modelswitch.io/api/keys \
  -H "Authorization: Bearer mk-YOUR_BILLING_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "Production", "expires_at": "2025-12-31T00:00:00Z"}'

{ "id": 1, "key": "ms-xxxxxxxxxxxxxxxx" }
The key field in the response is the only time the full key value is returned. Copy it immediately.

Update a key

Rename a key or deactivate it without deleting it. 
curl -X PUT https://modelswitch.io/api/keys/1 \
  -H "Authorization: Bearer mk-YOUR_BILLING_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "Production v2", "active": false}'

Delete a key

curl -X DELETE https://modelswitch.io/api/keys/1 \
  -H "Authorization: Bearer mk-YOUR_BILLING_KEY"
Deleting a key is irreversible. Any application using it will immediately receive 401 Unauthorized errors. Deactivate (active: false) first if you need a reversible option.

Best practices

Create separate keys for each environment (development, staging, production). This lets you rotate or revoke individual keys without affecting other environments.
  • Set expiry dates on keys you hand to third parties or contractors
  • Use the name field to record where and how a key is used — it makes incident response faster
  • Deactivate rather than delete when temporarily suspending access, so you can reactivate if needed