Issue keys with context attached
Every key belongs to a real consumer, not an anonymous string in a database.
- Custom key prefixes
- Consumer and plan attached
- Expiration and status controls
Issue API keys with the right access from day one, then rotate, suspend, or revoke them without touching a deployment.
Keys stay in your code path. ReqKey handles the lifecycle around them.
Every key belongs to a real consumer, not an anonymous string in a database.
Give each integration exactly the APIs it needs and nothing it does not.
Suspend abuse, rotate leaked credentials, or revoke access from one dashboard action.
Every key with its consumer, scoped APIs, credit meter, and status — exactly as the dashboard ships today.

Validation is a single POST from inside your codebase — no proxy in front of your API and no gateway migration. The response tells you whether the key is valid and how many credits remain.
See the full key API reference// Your middleware — Express, Hono, Fastify, anythingconst check = await fetch('https://api.reqkey.com/key/validate', { method: 'POST', headers: { Authorization: `Bearer ${REQKEY_ROOT_KEY}` }, body: JSON.stringify({ key: req.headers['x-api-key'], credits: 1 }),}) const { valid, requestId, creditsRemaining } = await check.json()if (!valid) return unauthorized()Attach an owner and plan.
Choose APIs and expiry.
One middleware call.
No application deploy.
Start free with 100,000 requests a month — no credit card, and your keys stay in your code path.