Skip to main content
The Gateway uses bearer tokens for authentication. Every request must include a valid API key issued from your workspace. Keys scope access to specific features, letting you separate environments or team responsibilities.

API keys

  • API Keys are scoped to all models and providers available to your organisation.
  • Provisioning keys (coming soon) allow you to manage your API keys programatically.
  • Rotation is manual today, but you can create a new key at any time without downtime.
Keys follow the format aistats_v1_k_xx_xxx. Treat them like passwords and avoid storing them in client-side code or public repositories.

Request headers

Include the key in the Authorization header on every request: 
Authorization: Bearer aistats_v1_k_ab_cdefghijklmnop
Most HTTP clients expose a dedicated configuration property. For example, with fetch: 
const response = await fetch(
	"https://api.ai-stats.phaseo.app/v1/chat/completions",
	{
		method: "POST",
		headers: {
			Authorization: `Bearer ${process.env.AI_STATS_API_KEY}`,
			"Content-Type": "application/json",
		},
		body: JSON.stringify({
			model: "gpt-5-nano-2025-08-07",
			messages: [
				{ role: "system", content: "You are a helpful assistant." },
				{
					role: "user",
					content: "Summarise the drawbacks to AI.",
				},
			],
		}),
	}
);

Key management

PracticeWhy it matters
Use one key per appMakes it easy to rotate without affecting other services.
Store keys securelySecrets managers prevent accidental exposure in logs or error tracking.
Monitor usageThe dashboard shows per-key metrics so you can detect anomalies quickly.
Remove unused keysDeleting stale keys reduces the surface area for potential abuse.

Troubleshooting

  • 401 Unauthorized — The key is missing, invalid, or belongs to a disabled workspace.
  • 403 Forbidden — The key exists but cannot access the requested provider or model. Check your plan or contact support.
  • 429 Too Many Requests - You exceeded a rate limit. See the Rate limits guide.
  • 5xx errors — Retry with exponential backoff and report persistent issues via the support channel.