API Key Management
API Key Management is where you view, copy, and monitor the API keys connected to your account.
Open it here:
What This Page Is For
Use API Key Management to:
- See all API keys linked to your account.
- Copy an API key for use in an application.
- Reveal a key temporarily.
- Check whether a key is active.
- Monitor token and request usage.
- Review the plan attached to each key.
This page does not explain how API authentication works at the protocol level. For that, see API Reference: Authentication.
API Key Cards
Each API key appears as a card.
The card may show:
- Plan name.
- Creation date.
- Renewal or expiration date.
- Hidden API key value.
- Token usage.
- Request usage.
- Key capacity.
Keys are hidden by default. When you reveal a key, it is visible only briefly before it is hidden again.
Copy an API Key
To copy an API key:
- Open API Keys.
- Find the key you want to use.
- Click the copy button.
- Store it in a secure place, such as an environment variable or secret manager.
Do not paste API keys into public repositories, screenshots, support tickets, or client-side code.
API Key Format
Custodian Labs API keys use a recognizable prefix so they are easier to identify.
Example format:
custodian_labs_********************************
The full value is a secret. Treat it like a password.
Usage and Limits
Each key is tied to account and plan limits.
The dashboard may show:
- Tokens used.
- Token limit.
- Requests used.
- Request limit.
- Percentage of quota used.
Usage normally belongs to the current billing or plan cycle. When a plan renews, available credits and request limits may refresh according to the plan.
When No API Key Appears
If the page says there are no API keys yet, activate a plan first.
The usual path is:
- Go to Managing Subscriptions.
- Choose the Free plan and click Get Started Free, or choose another available plan.
- Return to API Keys.
- Copy the generated key.
Safe Handling
Keep API keys secure:
- Use environment variables for local development.
- Use a secret manager in production.
- Avoid sharing keys in chat or screenshots.
- Rotate or replace keys if you suspect exposure.
- Monitor usage for unexpected spikes.
For more guidance, see Use API Keys Securely.