> ## Documentation Index
> Fetch the complete documentation index at: https://docs.verlon.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys

> Generate and manage Verlon API keys to authenticate your requests

## Overview

Verlon API keys authenticate your application's requests to the Verlon AI platform. Every request to Verlon requires a valid API key in the `Authorization` header.

## Key Format

Verlon API keys follow this format:

```
sk-vrln-9e1417ca5c9b793875f12b6cf3185b9d...
```

All newly minted keys start with the `sk-vrln-` prefix followed by 64 hex characters. Legacy keys minted before this prefix shipped (`verlon_*` and `layer_*`) continue to validate — no rotation required.

## Creating a Key

### From the Dashboard

1. Go to **Dashboard → API Keys**
2. Click **Create New Key**
3. Enter a name for the key (e.g., "Production", "Development", "CI/CD")
4. Click **Create**

<Warning>
  The full key is shown **only once** after creation. Copy it immediately and store it securely. You won't be able to see the full key again.
</Warning>

After creation, only a masked prefix is displayed in the dashboard (e.g., `sk-vrln-9e14...`).

## Using a Key

Include your API key in the `Authorization` header of every request:

<Tabs>
  <Tab title="Verlon SDK">
    ```typescript theme={null}
    import { Verlon } from '@verlon-ai/sdk';

    const verlon = new Verlon({
      apiKey: process.env.VERLON_API_KEY
    });
    ```
  </Tab>

  <Tab title="cURL">
    ```bash theme={null}
    curl -X POST https://api.verlon.ai/v3/chat \
      -H "Authorization: Bearer sk-vrln-your_key" \
      -H "Content-Type: application/json" \
      -d '{ ... }'
    ```
  </Tab>

  <Tab title="OpenAI SDK">
    ```typescript theme={null}
    import OpenAI from 'openai';

    const openai = new OpenAI({
      baseURL: 'https://api.verlon.ai/v1',
      apiKey: process.env.VERLON_API_KEY,
    });
    ```
  </Tab>
</Tabs>

## Managing Keys

### Multiple Keys

You can create multiple API keys for different environments or services. Each key has independent access to all your gates and resources.

### Revoking a Key

To revoke a key, click the **Delete** button next to it in the dashboard. Revoked keys immediately stop working — any application using that key will receive authentication errors.

### Last Used Tracking

The dashboard shows when each key was last used, helping you identify unused keys that should be cleaned up.

## Security Best Practices

* **Never commit API keys to source control.** Use environment variables or a secrets manager.
* **Use separate keys** for development, staging, and production environments.
* **Rotate keys periodically.** Create a new key, update your application, then revoke the old one.
* **Revoke unused keys.** If a key hasn't been used recently, consider deleting it.

## API Keys vs Provider Keys

|                     | Verlon API Keys             | Provider Keys (BYOK)                    |
| ------------------- | --------------------------- | --------------------------------------- |
| **Purpose**         | Authenticate with Verlon AI | Route through your own provider account |
| **Format**          | `sk-vrln-...`               | Provider-specific (e.g., `sk-proj-...`) |
| **Count**           | Multiple allowed            | One per provider                        |
| **Affects billing** | Uses your Verlon plan quota | Charges appear on your provider account |

For more on provider keys, see [Bring Your Own Keys](/platform/byok).
