API KEY MANAGEMENT

Every key. Every customer. One control plane.

Issue API keys with the right access from day one, then rotate, suspend, or revoke them without touching a deployment.

Keys stay in your code path. ReqKey handles the lifecycle around them.

reqkey / keys
API keys
12,480 keys across 3 APIs
+ Issue key
Search consumer, prefix, or API…
Atlas Mobile
rk_live_•••• 9K2F
ACTIVE
Northwind Labs
rk_live_•••• 4M8Q
ACTIVE
Paper Kite
rk_test_•••• 7A1C
TEST
ROTATE
SCOPE
VALIDATE
8ms
typical validation
1 click
to rotate a key
APIs per project
BUILT FOR THE WHOLE LIFECYCLE

The detail work is already done.

01

Issue keys with context attached

Every key belongs to a real consumer, not an anonymous string in a database.

  • Custom key prefixes
  • Consumer and plan attached
  • Expiration and status controls
02

Scope access down to the API

Give each integration exactly the APIs it needs and nothing it does not.

  • Per-API allow lists
  • Multiple keys per consumer
  • Metadata for internal workflows
03

Change access without a deploy

Suspend abuse, rotate leaked credentials, or revoke access from one dashboard action.

  • Instant suspend and resume
  • Safe key rerolls
  • Complete administrative audit trail
STRAIGHT FROM THE DASHBOARD

The real keys screen, not a mockup.

Every key with its consumer, scoped APIs, credit meter, and status — exactly as the dashboard ships today.

reqkey / dashboard / keys
ReqKey dashboard — all API keys with attached consumers, allowed APIs, status, and credits
INTEGRATE IN MINUTES

One call in your middleware.

Validation is a single POST from inside your codebase — no proxy in front of your API and no gateway migration. The response tells you whether the key is valid and how many credits remain.

See the full key API reference
middleware.ts
// Your middleware — Express, Hono, Fastify, anythingconst check = await fetch('https://api.reqkey.com/key/validate', {  method: 'POST',  headers: { Authorization: `Bearer ${REQKEY_ROOT_KEY}` },  body: JSON.stringify({ key: req.headers['x-api-key'], credits: 1 }),}) const { valid, requestId, creditsRemaining } = await check.json()if (!valid) return unauthorized()
HOW IT FLOWS

From setup to production.

01

Create consumer

Attach an owner and plan.

02

Issue scoped key

Choose APIs and expiry.

03

Validate in code

One middleware call.

04

Rotate safely

No application deploy.

READY WHEN YOUR API IS

Issue your first key in minutes.

Start free with 100,000 requests a month — no credit card, and your keys stay in your code path.