Authentication
API keys and security
Onysoft AI Gateway uses Bearer token authentication to verify API requests. On every API request, you must send your API key in the Authorization header.
API Key Format
Onysoft API keys start with the sk-ony- prefix and contain 48 hex characters:
sk-ony-ab824acfe047d4576799cc2d2a256e1aff4b0653306198bc
API Key Types
The system supports four different API key types. They all start in the same format (sk-ony-) but are issued from different sources:
| Type | Intended For | Balance Currency | Markup |
|---|---|---|---|
| User Key | End user creating it from the Dashboard (individual) | TL | Standard (50%) |
| Project Key | Organization projects (assigned by admin) | TL | Customizable |
| Partner Project Key | A partner's own projects (from the partner portal) | USD | Partner markup (50% default) |
| Partner Customer Key | A partner's end customers (from the partner portal) | TL | Partner customer markup (30% default) |
Important Note:
There is no difference for you, the API consumer — the same endpoints, the same parameters, the same response format. The key type is detected automatically on the backend, and balance deduction / logging / rate limiting are written to the correct table.
Using Your API Key
Send the Authorization header in the following format on every request:
Authorization: Bearer sk-ony-your-api-key
cURL Example
curl https://api.onysoft.com/v1/chat/completions \
-H "Authorization: Bearer sk-ony-your-api-key" \
-H "Content-Type: application/json" \
-d '{"model": "openai/gpt-4o-mini", "messages": [{"role": "user", "content": "Hi"}]}'
Security Recommendations
Protect Your API Key
- Never use your API key in frontend code
- Do not add your key to GitHub or other public repositories
- Store it as an environment variable
- Rotate your keys regularly
Using Environment Variables
# .env file
ONYSOFT_API_KEY=sk-ony-your-api-key
import os
from openai import OpenAI
client = OpenAI(
api_key=os.environ.get("ONYSOFT_API_KEY"),
base_url="https://api.onysoft.com/v1"
)
Key Management
From the Dashboard:
- Create new API keys
- View and delete existing keys
- See the last-used date for each key
- Create multiple keys to use for different projects