For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
ModelsChatRankingsDocs
DocsAPI ReferenceClient SDKsAgent SDKCookbookChangelog
DocsAPI ReferenceClient SDKsAgent SDKCookbookChangelog
  • API Guides
    • Overview
    • Streaming
    • Embeddings
    • Limits
    • Authentication
    • Parameters
    • Errors and Debugging
  • API Reference
LogoLogo
ModelsChatRankingsDocs
On this page
  • Using an API key
  • If your key has been exposed
API Guides

Authentication

API Authentication
Was this page helpful?
Previous

Parameters

Next
Built with

You can cover model costs with OpenRouter API keys.

Our API authenticates requests using Bearer tokens. This allows you to use curl or the OpenAI SDK directly with OpenRouter.

API keys on OpenRouter are more powerful than keys used directly for model APIs.

They allow users to set credit limits for apps, and they can be used in OAuth flows.

Using an API key

To use an API key, first create your key. Give it a name and you can optionally set a credit limit.

If you’re calling the OpenRouter API directly, set the Authorization header to a Bearer token with your API key.

If you’re using the OpenAI Typescript SDK, set the api_base to https://openrouter.ai/api/v1 and the apiKey to your API key.

1import { OpenRouter } from '@openrouter/sdk';
2
3const openRouter = new OpenRouter({
4  apiKey: '<OPENROUTER_API_KEY>',
5  httpReferer: '<YOUR_SITE_URL>', // Optional. Site URL for rankings on openrouter.ai.
6  appTitle: '<YOUR_SITE_NAME>', // Optional. Site title for rankings on openrouter.ai.
7});
8
9const completion = await openRouter.chat.send({
10  model: 'openai/gpt-5.2',
11  messages: [{ role: 'user', content: 'Say this is a test' }],
12  stream: false,
13});
14
15console.log(completion.choices[0].message);

To stream with Python, see this example from OpenAI.

If your key has been exposed

You must protect your API keys and never commit them to public repositories.

OpenRouter is a GitHub secret scanning partner, and has other methods to detect exposed keys. If we determine that your key has been compromised, you will receive an email notification.

If you receive such a notification or suspect your key has been exposed, immediately visit your key settings page to delete the compromised key and create a new one.

Using environment variables and keeping keys out of your codebase is strongly recommended.