Skip to main content
TrayLinx uses two distinct types of API keys within a project: project API keys for authenticating calls to TrayLinx’s own APIs, and LLM API keys for connecting to external AI model providers such as OpenAI.

Project API keys vs LLM API keys

Project API keys

Authenticate requests to TrayLinx APIs on behalf of your project. Used in the Authorization: Bearer header. Scoped to a single project.

LLM API keys

Credentials for external model providers (for example, OpenAI). TrayLinx stores and uses these to route LLM requests through the proxy on your behalf.

Project API keys

Creating a project API key

1

Open your project settings

Navigate to your project and go to SettingsAPI Keys (path: /admin/projects/{projectId}/settings/api-keys).
2

Create a new key

Click Create API Key and provide:
  • Note — a descriptive label for the key (for example, Onboarding API Key, Production Backend, CI/CD Pipeline). Required.
  • Expires at — an optional expiration date (ISO 8601 format). Leave blank for a key that never expires.
3

Copy the secret key

After creation, TrayLinx returns the key value in meta.secretKey. Copy it immediately — it is shown only once.The response also includes:
  • data.id — the key’s unique ID, used for management operations
  • data.attributes.note — the label you provided
The secret key value is only returned at creation. If you lose it, delete the key and create a new one.

Using a project API key

Include the key as a Bearer token in the Authorization header of your API requests: 
curl https://api.makakoo.com/ma-llm-proxy-ms/v1/api/v1/chat/completions \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer <your-secret-key>' \
  --data '{
    "model": "llama-3.3-70b-versatile",
    "messages": [{"role": "user", "content": "Hello"}],
    "stream": false
  }'

Rotating a project API key

TrayLinx does not support in-place rotation of a project API key. To rotate:
  1. Create a new key with the same note.
  2. Update all services using the old key to use the new secret.
  3. Delete the old key once all services have been updated.

Deleting a project API key

Navigate to SettingsAPI Keys, find the key by its note or ID, and click Delete. The key is revoked immediately — any requests using it will fail with a 401 Unauthorized response.
You can also update a key’s note without rotating it using the Edit action. This changes only the display label, not the secret value.

LLM provider API keys

LLM API keys let TrayLinx route AI model requests to external providers on your behalf. Your key is stored server-side; you do not embed it in client code.

Creating an LLM API key

1

Open LLM API keys settings

Navigate to SettingsLLM API Keys inside your project (path: /admin/projects/{projectId}/settings/llm-api-keys).
2

Add a provider key

Click Add LLM API Key and fill in:
FieldDescription
ProviderThe model provider (for example, openai, anthropic).
Secret keyYour API key from the provider’s dashboard.
Custom modelsOptional list of custom model identifiers to register alongside the provider’s defaults.
With default modelsWhether to include the provider’s standard model catalog. Defaults to true.
3

Save the key

Click Save. TrayLinx stores the key and associates the provider’s models with your project.

Deleting an LLM API key

Navigate to SettingsLLM API Keys, find the provider entry, and click Delete. Removing an LLM key disables all model requests that rely on that provider for your project.
Deleting an LLM API key immediately stops all AI model calls using that provider. Ensure you have a replacement key or alternative provider configured before deleting.

API key security best practices

Never commit API keys to version control. Use environment variables or a secrets manager:
export TRAYLINX_API_KEY="<your-secret-key>"
Reference the variable in your application code rather than hardcoding the value.
Create separate API keys for each service, environment, or integration. If one key is compromised, you can revoke it without affecting other services.Use descriptive notes to track which key belongs to which service:
  • Production API – backend service
  • Staging API – integration tests
  • CI/CD pipeline – GitHub Actions
For temporary integrations or contractor access, set an expires_at date when creating the key. Expired keys are automatically rejected — you do not need to remember to delete them manually.
Rotate project API keys on a regular schedule (for example, every 90 days) or immediately after a suspected exposure:
  1. Create a new key.
  2. Deploy updated credentials to all services.
  3. Verify services are functioning with the new key.
  4. Delete the old key.
Review your project’s usage metrics regularly. Unexplained spikes in request volume or errors from unfamiliar IP addresses may indicate a compromised key. Revoke and rotate immediately if you suspect unauthorized use.

Revoking API keys

Revoke a key immediately if you suspect it has been exposed:
  1. Navigate to SettingsAPI Keys in your project.
  2. Locate the key by its note or ID.
  3. Click Delete.
The key is invalid the moment you delete it. All subsequent requests using it receive a 401 Unauthorized response. Create a replacement key and deploy it before deleting the compromised one if continuous service is required.

Authentication & Security

JWT authentication, token refresh, and session management.

Sentinel Pass

OAuth credentials for agents with usage analytics and permission management.

Projects & Assets

Project setup, members, and settings.

Studio Tools

Build and deploy AI tools and agents.

Build docs developers (and LLMs) love

Get started for freeTalk to us