šŸµ
Sign inSign up

API Key Management

Learn how to securely manage your AI provider API keys in GreenMonkey's BYOK (Bring Your Own Key) system.

Understanding BYOK Security

What is BYOK?

BYOK (Bring Your Own Key) means:

  • You provide your own API keys
  • Keys are encrypted with AES-256
  • You maintain full control
  • No vendor lock-in
  • Direct billing from providers

Security Features

Your keys are protected by:

  • Military-grade encryption - AES-256 encryption at rest
  • Secure transmission - HTTPS only, never logged
  • Access control - Only you can view/modify
  • Audit trail - Track all key usage
  • Auto-expiration - Optional time limits

Adding API Keys

Step 1: Get Provider Keys

First, obtain keys from AI providers:

OpenAI

  1. Visit platform.openai.com
  2. Go to API Keys section
  3. Click "Create new secret key"
  4. Copy immediately (shown once!)

Anthropic (Claude)

  1. Visit console.anthropic.com
  2. Navigate to API Keys
  3. Generate new key
  4. Save securely

Google AI (Gemini)

  1. Visit makersuite.google.com
  2. Get API key from settings
  3. Enable necessary APIs
  4. Note usage limits

Step 2: Add to GreenMonkey

  1. Go to Dashboard ā†’ API Keys
  2. Click "Add New Key"
  3. Select provider type
  4. Enter your key details:
    • Name - Friendly identifier
    • API Key - Your secret key
    • Usage Limit - Optional monthly cap
    • Expiration - Optional auto-expire

Step 3: Verify Key

After adding:

  1. Click "Test Connection"
  2. Verify successful response
  3. Check remaining credits
  4. Confirm model access

Managing Multiple Keys

Organization Strategies

By Purpose

OpenAI - Production
OpenAI - Development
OpenAI - Testing
Anthropic - Main
Google AI - Backup

By Project

Client A - GPT-4
Client B - Claude
Personal - All Models
Side Project - Gemini

By Limit

High Limit - Production
Medium Limit - Development
Low Limit - Testing
Pay-as-you-go - Overflow

Key Rotation

Best practices:

  1. Rotate keys every 90 days
  2. Use expiration dates
  3. Keep one backup key
  4. Document rotation schedule
  5. Update dependent products

Usage Monitoring

Dashboard Metrics

Track your usage:

  • Requests - API calls per key
  • Tokens - Input/output consumption
  • Cost - Estimated spending
  • Errors - Failed requests
  • Latency - Response times

Setting Limits

Protect against overuse:

  1. Set monthly spending caps
  2. Configure request limits
  3. Enable usage alerts
  4. Auto-pause at limit
  5. Review weekly

Usage Alerts

Configure notifications:

  • 50% of limit reached
  • 80% of limit reached
  • 100% limit hit
  • Unusual activity detected
  • Key expiration reminders

Provider-Specific Settings

OpenAI Configuration

Special settings:

  • Organization ID - For enterprise accounts
  • Model Access - GPT-4, GPT-3.5, DALL-E
  • Rate Limits - Requests per minute
  • Fine-tuned Models - Custom model IDs

Anthropic Configuration

Claude options:

  • Model Selection - Claude 3 Opus/Sonnet/Haiku
  • Context Window - 100K or 200K
  • Safety Settings - Content filtering
  • Beta Features - Early access

Google AI Configuration

Gemini settings:

  • Model Variants - Pro, Ultra
  • Safety Filters - Harm categories
  • Location - Regional endpoints
  • Quota Management - Per-project limits

Security Best Practices

Key Storage

āœ… Do:

  • Use unique keys per platform
  • Enable IP restrictions (when available)
  • Set expiration dates
  • Monitor usage regularly
  • Keep backup keys

āŒ Don't:

  • Share keys between users
  • Commit keys to git
  • Use production keys for testing
  • Ignore usage anomalies
  • Keep compromised keys

Access Control

Limit key permissions:

  1. Use read-only keys when possible
  2. Restrict to specific models
  3. Enable IP allowlists
  4. Set usage quotas
  5. Review permissions quarterly

Incident Response

If a key is compromised:

  1. Immediately revoke in provider dashboard
  2. Generate new key
  3. Update in GreenMonkey
  4. Check usage logs
  5. Notify affected users

Advanced Features

Environment Variables

For developers:

// Use in products
const apiKey = process.env.GREENMONKEY_OPENAI_KEY;
const client = new OpenAI({ apiKey });

Key Aliasing

Create readable aliases:

  • @production ā†’ Main production key
  • @development ā†’ Dev environment
  • @testing ā†’ CI/CD pipeline
  • @backup ā†’ Failover key

Failover Configuration

Set backup keys:

  1. Add primary and backup keys
  2. Enable automatic failover
  3. Configure retry logic
  4. Monitor failover events
  5. Test regularly

Team Key Management (Business+)

Shared Keys

For team accounts:

  • Team Keys - Shared across members
  • Personal Keys - Individual use only
  • Project Keys - Specific to projects
  • Client Keys - Customer-provided

Permissions

Control who can:

  • View key names
  • Use keys in products
  • See usage stats
  • Modify settings
  • Add/remove keys

Audit Logs

Track all actions:

  • Who added/removed keys
  • Usage by member
  • Configuration changes
  • Failed attempts
  • Exports

Troubleshooting

Common Issues

"Invalid API Key"

  • Double-check for typos
  • Ensure no extra spaces
  • Verify in provider dashboard
  • Check expiration
  • Confirm activation

"Rate Limit Exceeded"

  • Check provider limits
  • Upgrade plan if needed
  • Implement backoff
  • Use multiple keys
  • Contact provider

"Model Access Denied"

  • Verify model availability
  • Check account tier
  • Request access
  • Use alternative model
  • Review permissions

Debugging Tools

Use built-in tools:

  1. Connection Tester - Verify key works
  2. Usage Inspector - See recent calls
  3. Error Logger - Review failures
  4. Latency Monitor - Check performance
  5. Cost Calculator - Estimate spending

Cost Optimization

Monitoring Spend

Track costs:

  • Daily spend per key
  • Model-specific costs
  • Projected monthly total
  • Cost per product
  • Efficiency metrics

Reducing Costs

Strategies:

  1. Use appropriate models (GPT-3.5 vs GPT-4)
  2. Optimize prompt length
  3. Cache common responses
  4. Batch similar requests
  5. Set spending limits

Provider Comparison

Provider Strengths Best For Pricing
OpenAI Versatility, GPT-4 General purpose Per token
Anthropic Long context, safety Complex tasks Per token
Google AI Multimodal, free tier Experimentation Free/paid tiers

Integration Examples

Using Keys in Products

// Prompt product example
export async function executePrompt(userApiKey, prompt, variables) {
  const openai = new OpenAI({
    apiKey: userApiKey, // User's encrypted key
  });

  return await openai.chat.completions.create({
    model: 'gpt-4',
    messages: [{ role: 'user', content: prompt }],
    ...variables,
  });
}

Workflow Integration

In visual workflows:

  1. Add "API Key" node
  2. Select key from dropdown
  3. Connect to AI nodes
  4. Key used automatically
  5. Usage tracked

Best Practices Summary

  1. Security First - Rotate keys, set limits, monitor usage
  2. Organize Well - Name clearly, group logically
  3. Monitor Actively - Check usage, costs, errors
  4. Plan Failover - Have backup keys ready
  5. Document Everything - Track what each key does

Next Steps

ā† Back to DocsEdit this page ā†’