Managing API Keys

Learn how to create, manage, rotate, and revoke your API keys for secure access to the BrainUs API.

Creating API Keys

Key Naming Best Practices

Use descriptive names that indicate:

• Environment: prod-api-server, dev-local, staging-app
• Purpose: backend-api, mobile-app, data-pipeline
• Owner/Team: frontend-team, john-dev, analytics

Rotating API Keys

Regularly rotate your keys for security:

# 1. Generate a new key
NEW_KEY=$(brainus keys create --name "production-v2")

# 2. Update your application with new key
export BRAINUS_API_KEY=$NEW_KEY

# 3. Deploy and verify new key works
# 4. Revoke old key after successful deployment
brainus keys revoke key_old_abc123

Rotation Schedule

Revoking API Keys

Revoke keys immediately if:

• Compromised: Key was exposed publicly
• Employee departure: Team member leaves
• No longer needed: Deprecated project or service
• Suspicious activity: Unusual usage patterns detected

How to Revoke

1. Go to Dashboard → API Keys
2. Find the key to revoke
3. Click "Revoke"
4. Confirm the action

Key Limits by Plan

Viewing Key Usage

Track which keys are being used:

# View usage per key
brainus usage --key-id key_abc123 --last 7d

In the dashboard, you can see:

• Last used timestamp
• Total requests made
• Current rate limit status
• Geographic usage patterns (Enterprise)

Next Steps

• Security Best Practices - Keep your keys safe
• Environment Setup - Configure your development environment