Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.inferoute.ai/docs/llms.txt

Use this file to discover all available pages before exploring further.

TokenHub authenticates every request using an API key passed as a Bearer token in the Authorization header. You generate API keys in the TokenHub dashboard and can create multiple keys for different environments, teams, or applications.

Generate an API key

  1. Sign in to your TokenHub dashboard at tokenhub.ai.
  2. Go to Settings → API Keys.
  3. Click New API key.
  4. Enter a descriptive name for the key (for example, production-app or dev-local).
  5. Optionally set an expiry date to limit how long the key remains valid.
  6. Click Create and copy the key immediately — it will not be shown again.
Copy your API key before closing the dialog. TokenHub stores only a hashed version of the key and cannot display it again after creation. If you lose a key, revoke it and create a new one.

Pass the API key in requests

Include your API key in the Authorization header of every request using the Bearer scheme. 
import os
from openai import OpenAI

client = OpenAI(
    base_url="https://api.tokenhub.ai/v1",
    api_key=os.environ["TOKENHUB_API_KEY"],
)

response = client.chat.completions.create(
    model="gpt-4o-mini",
    messages=[{"role": "user", "content": "Hello"}],
)

Use environment variables

Store your API key in an environment variable rather than hardcoding it in your application. The recommended variable name is TOKENHUB_API_KEY. 
export TOKENHUB_API_KEY="your_api_key_here"
For long-running applications, set the variable in your deployment environment (for example, in a .env file loaded by your framework, or through your cloud provider’s secrets manager).

Invalid and expired keys

If you provide a missing, malformed, or expired API key, TokenHub returns a 401 Unauthorized response: 
{
  "error": {
    "message": "Invalid API key provided.",
    "type": "authentication_error",
    "code": "invalid_api_key"
  }
}
Check the following if you receive a 401 error:
  • The Authorization header is present and uses the Bearer prefix.
  • The key was copied correctly with no leading or trailing whitespace.
  • The key has not expired (check Settings → API Keys in the dashboard).
  • The key has not been revoked.

Security best practices

  • Use environment variables — never hardcode an API key in source code or configuration files.
  • Never commit keys to version control — add .env and any secrets files to your .gitignore.
  • Create separate keys per environment — use distinct keys for development, staging, and production so you can revoke one without affecting the others.
  • Set expiry dates — use short-lived keys for CI pipelines and temporary integrations.
  • Rotate keys regularly — revoke and replace keys periodically, especially after a team member leaves or a potential exposure.
  • Limit key scope — if your use case allows, create keys with restricted permissions rather than full-access keys.
You can create as many API keys as you need. Using one key per application or service makes it easy to audit usage and revoke access for a single integration without disrupting others.

Manage your API keys

You can view, rename, and revoke API keys at any time from Settings → API Keys in the dashboard. For more on setting per-key rate limits and token budgets, see API key configuration.