API keys authenticate your applications to the Guardway gateway. They’re issued and managed in the dashboard, pushed to attached gateways, and used at request time via the Authorization: Bearer <key> header.
Create a key
Go to Settings → API keys and click New key.
Fill in:
| Field | Purpose |
|---|
| Name | What you’ll see in logs. Use the app name. |
| Team | Budget and quota inheritance. |
| Role | admin, developer, or read-only. Most app keys should be developer. |
| Budget | Hard USD cap; requests are blocked when exceeded. |
| Quota | Requests per minute + tokens per minute. |
| Allowed models | Optional allow-list. Leave empty for all enabled models. |
| Expiration | Optional. Keys without an expiration never auto-expire. |
The secret value is shown once at creation. Copy it into your secrets manager immediately. If you lose it, rotate the key.
Use it
curl https://<your-gateway>/v1/chat/completions \
-H "Authorization: Bearer <your-key>" \
-H "Content-Type: application/json" \
-d '{"model":"gpt-4o-mini","messages":[{"role":"user","content":"hi"}]}'
Rotate and revoke
- Rotate issues a new secret without invalidating the key id. Old secret stops working immediately — plan a deploy window.
- Revoke disables the key entirely. All in-flight requests are drained, then blocked.
Both actions are audit-logged on every gateway the key was pushed to. 
