API Key Management

The model deployment service provides comprehensive API Key management functionality, allowing you to securely access and call deployed models. This article introduces how to create, manage, and use API Keys.

Access Control Description

By default, newly created model deployments are publicly accessible, meaning anyone can call the service without authentication. This mode is suitable for:

• Public demo services
• Test environments
• Scenarios that don't require access control

If you need to restrict access, you can:

1. Enter the model deployment settings page
2. Find the "Access Control" section
3. Enable the access control switch

After enabling access control, all access requests will require a valid API Key.

API Key Overview

API Keys are credentials for accessing model deployment services, providing the following advantages:

• Security: Each API Key is unique and can be independently managed and revoked
• Flexible Control: Supports both user-level and model deployment-level access control
• Easy to Use: Follows industry standard practices (such as OpenAI, HuggingFace, etc.)

Access Points

You can access the API Key management functionality through the following three methods:

1. Model Deployment Level

   • Enter a specific model deployment page
   • After enabling "Access Control"
   • Manage API Keys for that model deployment in settings

2. For Individual Users

   • Click "Account Settings" in the bottom left corner
   • Find the "API Key" option in the right panel
   • Manage your personal API Keys

3. For Organization Users

   • Click "Organization Settings" in the bottom left corner
   • Access "API Key" in the right panel
   • Manage the organization's API Keys

API Key Types

HyperAI provides two types of API Keys:

1. User-level API Key

   • Can access all model deployments under that user
   • Suitable for scenarios requiring unified management of multiple model deployments

2. Model Deployment-level API Key

   • Can only access specific model deployments
   • Supports binding to one or multiple model deployments
   • Bindings can be changed as needed

:::info Note API Key types can be changed as needed, allowing you to adjust the scope of model deployments a Key can access. :::

:::caution Note API Key creation, update, or deletion operations may take approximately 5 minutes to take effect. During this period, please be patient and avoid repeated operations. :::

Create API Key

1. Navigate to the model deployment settings page
2. Find the "API Key Management" section
3. Click the "Create API Key" button
4. In the popup dialog:
   • Enter the API Key name (for identification purposes)
   • Select the API Key type (user-level or model deployment-level)
   • If selecting model deployment-level, choose the model deployment to bind
   • Click the "Create" button

:::caution Note The newly created API Key will only be displayed once. Please make sure to copy and save it securely immediately, as you will not be able to view the complete Key again later. :::

Edit API Key Permissions

You can adjust the models accessible by model deployment-level API Keys at any time:

1. Find the Key you want to edit in the API Key list
2. Click the "Edit" button
3. Modify the accessible model deployments in the popup dialog
4. Click "Confirm" to confirm the changes

Delete API Key

If you no longer need an API Key, or suspect the Key has been compromised, you can:

1. Find the Key you want to delete in the API Key list
2. Click the "Delete" button
3. Confirm the deletion operation

:::warning Warning Deleting an API Key is an irreversible operation. After deletion, all applications using this Key will be unable to access the model deployment service. Please note that the deletion operation may take approximately 5 minutes to fully take effect. :::

Use API Key

When calling the model deployment service, you need to include the API Key in the request header. Here is an example of calling a large language model service:

curl --location 'https://open-tutorials-2obiahfo3kig.serv-c1.openbayes.net/v1/chat/completions' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer sk-5cyqtxxxxxdevjuiife5zpz8tsj' \
--data '{
    "model": "DeepSeek-R1-Distill-Qwen-1.5B",
    "messages": [
        {
            "role": "user",
            "content": "hi"
        }
    ]
}'

HTTP Request Header Description

When sending requests, you need to include the following information in the HTTP request header:

Authorization Header:

• Format: Bearer sk-xxxxxx (note there is a space between Bearer and the key)
• Example: Authorization: Bearer sk-5cyqtxxxxxdevjuiife5zpz8tsj

Status Code Description

The server will return the following status codes:

• 200 - 300: Request successful
• 401: Unauthorized (API Key is invalid or not provided)
• 403: Forbidden (API Key is valid but does not have permission to access the specific service)

Example response:

Security Recommendations

1. Secure Storage:

   • Store API Keys in a secure location
   • Do not save API Keys directly in code repositories
   • Use environment variables or configuration management systems to store Keys

2. Regular Rotation:

   • Periodically create new API Keys and update applications
   • Delete Keys that have been unused for extended periods
   • Rotate Keys immediately upon discovering security issues

3. Least Privilege:

   • Prioritize using model deployment-level Keys unless access to multiple models is truly necessary
   • Delete unnecessary Keys promptly
   • Regularly review the permission scope of Keys