← Back to ProxyLLM

Authentication

Every request to api.proxyllm.dev requires a Bearer token in the Authorization header. The token is your workspace API key.

Request format

curl https://api.proxyllm.dev/v1/chat/completions \
  -H "Authorization: Bearer pl_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"model":"gpt-4o-mini","messages":[{"role":"user","content":"hi"}]}'

Key format

Keys are 35 characters: the literal prefix pl_ followed by 32 lowercase hex chars (a UUIDv4 with hyphens stripped). Example: pl_a1b2c3d4e5f67890abcdef1234567890.

Keys created before June 2026 may be 36 chars in raw UUID format (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx). Both formats authenticate the same way — nothing to do on your side.

Multiple keys per workspace

Every workspace ships with a primary API key. Paid plans can create additional keys (e.g. one per environment or per service) at app.proxyllm.dev/settings:

  • Free: 1 key (primary only)
  • Pro: up to 5 keys
  • Scale: unlimited

All keys for a workspace share the same quota, dashboard, and analytics. The split is purely for revocation and attribution.

Rotating the primary key

Rotation invalidates the old key immediately. Update your clients first, then rotate — otherwise live traffic will start getting 401 Invalid API key until you redeploy with the new value.

curl -X POST https://api.proxyllm.dev/v1/workspace/rotate-key \
  -H "Authorization: Bearer pl_current_key"

# Response:
# { "api_key": "pl_new_key_here", "message": "API key rotated. Update your applications." }

Error responses

Missing or malformed header → 401 auth_error. Wrong key → same. See Errors for full response shapes.