API Keys

Overview

API keys authenticate your application’s requests to the Floopy gateway. Each key is scoped to your organization and can be individually configured with rate limits and routing rules.

All API keys follow the format flo_sk_live_ followed by a random string, for example:

flo_sk_live_xxxxxxxxxxxxxxxx

Creating an API Key

1. Go to Settings > API Keys in the dashboard.
2. Click Create API key.
3. Give the key a descriptive name (e.g., production-backend, staging-chatbot).
4. Configure rate limiting and routing rules (optional — you can update these later).
5. Click Create.

The full API key is displayed once. Copy it and store it securely — you will not be able to view it again. If you lose a key, revoke it and create a new one.

Using Your API Key

Pass the key as the apiKey (or Authorization: Bearer header) in your requests:

import { OpenAI } from "openai";

const client = new OpenAI({
  baseURL: "https://api.floopy.ai/v1",
  apiKey: process.env.FLOOPY_API_KEY,
});

const response = await client.chat.completions.create({
  model: "gpt-4o",
  messages: [{ role: "user", content: "Hello" }],
});

console.log(response.choices[0].message.content);

from openai import OpenAI
import os

client = OpenAI(
    base_url="https://api.floopy.ai/v1",
    api_key=os.environ["FLOOPY_API_KEY"],
)

response = client.chat.completions.create(
    model="gpt-4o",
    messages=[{"role": "user", "content": "Hello"}],
)

print(response.choices[0].message.content)

curl https://api.floopy.ai/v1/chat/completions \
  -H "Authorization: Bearer $FLOOPY_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o",
    "messages": [{"role": "user", "content": "Hello"}]
  }'

Store keys in environment variables, never in source code.

Rate Limiting

Each API key can have its own rate limit, expressed in requests per minute (RPM). When a key exceeds its limit, the gateway returns a 429 Too Many Requests response.

To configure rate limits:

1. Go to Settings > API Keys.
2. Click the key you want to edit.
3. Set the RPM limit field.
4. Save changes.

If no limit is set, the key uses your plan’s default rate limit.

You can also override the rate limit policy per-request using the floopy-ratelimit-policy header:

const response = await client.chat.completions.create(
  {
    model: "gpt-4o",
    messages: [{ role: "user", content: "Hello" }],
  },
  {
    headers: {
      "floopy-ratelimit-policy": "strict",
    },
  },
);

response = client.chat.completions.create(
    model="gpt-4o",
    messages=[{"role": "user", "content": "Hello"}],
    extra_headers={
        "floopy-ratelimit-policy": "strict",
    },
)

curl https://api.floopy.ai/v1/chat/completions \
  -H "Authorization: Bearer $FLOOPY_API_KEY" \
  -H "Content-Type: application/json" \
  -H "floopy-ratelimit-policy: strict" \
  -d '{
    "model": "gpt-4o",
    "messages": [{"role": "user", "content": "Hello"}]
  }'

Assigning Routing Rules

You can associate a routing rule with each API key. This determines how the gateway routes requests made with that key — for example, using a fallback chain or weighted distribution across providers.

1. Go to Settings > API Keys.
2. Click the key you want to edit.
3. Select a Routing rule from the dropdown.
4. Save changes.

See the Routing guide for details on creating routing rules.

Revoking a Key

To revoke an API key:

1. Go to Settings > API Keys.
2. Find the key and click Revoke.
3. Confirm the action.

Revocation is immediate. Any request using the revoked key will receive a 401 Unauthorized response. This action cannot be undone — if you need access again, create a new key.

Best Practices

• Use separate keys for each environment (production, staging, development).
• Rotate keys periodically by creating a new key, updating your application, then revoking the old one.
• Set rate limits on every key to prevent runaway costs from bugs or abuse.
• Never commit keys to version control. Use environment variables or a secrets manager.