API Keys
Create and manage API keys with spending limits and access controls.
osmAPI gives you full control over API access with key management, spending limits, and fine-grained access policies.
Features
- Create and Manage Keys: Generate, rotate, and revoke API keys anytime.
- Spending Limits (Coming Soon): Set per-key budget caps to prevent unexpected costs.
- Access Policies (Coming Soon): Control which models, providers, and pricing tiers each key can access.
- Usage Tracking: Monitor usage and costs per key in real time.
- Active/Inactive States: Disable keys temporarily without deleting them.
Creating Keys
- Go to your project in the dashboard.
- Open the API Keys section.
- Click Create New Key.
- Add a label for easy identification.
- (Optional) Set a spending limit.
- Copy and save your key.
API keys are only shown once when created. Store them securely in your environment variables or secrets manager.
Using Keys
Include your key as a Bearer token in the Authorization header:
curl -X POST "https://api.osmapi.com/v1/chat/completions" \
  -H "Authorization: Bearer osm_xyz..." \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o",
    "messages": [{"role": "user", "content": "Hello!"}]
  }'
Spending Limits (Coming Soon)
Set a maximum spend per key. Once a key hits its limit, requests are rejected until the limit is raised or reset. This prevents any single key from running up unexpected costs.
Access Policies (Coming Soon)
Control what each key can do. Currently, API keys support basic free/paid model validation. The advanced policies below are planned for a future release.
Model Restrictions
- Allow List: Only permit specific models.
- Block List: Block access to certain models.
Provider Restrictions
- Approved Providers: Limit which providers a key can route to.
- Blocked Providers: Prevent access to specific providers.
Pricing Tier Restrictions
- Cost Limits: Block access to expensive models for certain keys.
- Tier Separation: Give some keys access to premium models, restrict others to free models only.
Error Handling
If a request violates a key's policy or exceeds its spending limit, the API returns an error response:
{
  "error": true,
  "status": 403,
  "message": "Policy Violation: The requested model (gpt-4) is not authorized for this API key."
}
Common Errors
- Model Not Allowed: The requested model isn't in the key's allow list.
- Provider Blocked: The target provider is restricted for this key.
- Spending Limit Reached: The key has exceeded its budget cap.
- Key Inactive: The key has been disabled.
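As an added example (not osmAPI's own code), this minimal Python client reads the key from an environment variable, keeps it out of log output, and turns the 403 error body shown above into a distinct exception so callers do not retry a request the key is not allowed to make. The variable name OSMAPI_API_KEY and all helper names are assumptions.

```python
import json
import os
import urllib.error
import urllib.request

API_URL = "https://api.osmapi.com/v1/chat/completions"  # endpoint from the curl example

class KeyPolicyError(Exception):
    """The API answered with the documented 403 error body for this key."""

def load_key(env=os.environ, var="OSMAPI_API_KEY"):
    # OSMAPI_API_KEY is an assumed variable name, not one defined by osmAPI.
    key = env.get(var, "").strip()
    if not key:
        raise RuntimeError(f"{var} is not set; refusing to send a request without a key")
    return key

def redact(key):
    # Keep only a short prefix so logs can identify a key without exposing it.
    return key[:4] + "..." if len(key) > 8 else "***"

def build_request(key, model, prompt):
    body = json.dumps({"model": model, "messages": [{"role": "user", "content": prompt}]})
    return urllib.request.Request(
        API_URL, data=body.encode(), method="POST",
        headers={"Authorization": f"Bearer {key}", "Content-Type": "application/json"},
    )

def check_response(status, raw_body):
    """Return the parsed body, or raise KeyPolicyError for the documented 403 shape."""
    try:
        body = json.loads(raw_body)
    except ValueError:
        body = {}
    if status == 403 and isinstance(body, dict) and body.get("error") is True:
        raise KeyPolicyError(body.get("message", "request rejected for this key"))
    if status >= 400:
        raise RuntimeError(f"HTTP {status}")
    return body

def chat(model, prompt):
    # Performs the network call; the key itself is never printed or logged here.
    req = build_request(load_key(), model, prompt)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return check_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return check_response(err.code, err.read())
```

Catch KeyPolicyError separately from other failures and log `redact(key)` with the message, so a denied request is traceable to a key without the secret appearing in logs.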
Recommended Setup
- Start Open: New keys have full access by default.
- Add Restrictions Gradually: Apply policies to new features first.
- Monitor Logs: Watch for access denied errors to fine-tune policies.
- Rotate for Production: Use restricted keys for production services.
Keys without any access policies can use all active models and providers in your project.