BrainUs LogoBrainUs AI
Authentication

Managing API Keys

Create, rotate, and revoke API keys

Learn how to create, manage, rotate, and revoke your API keys for secure access to the BrainUs API.

Creating API Keys

Subscription Required: You must have an active developer subscription (Free or paid) before creating API keys. The API key will match your current plan.

Subscribe to a Plan

If you don't have an active subscription, go to Upgrade and subscribe to a Free or paid plan. No credit card required for the Free plan!

Navigate to Dashboard Go to [Dashboard → API

Keys](https://developers.brainus.lk/dashboard/api-keys)

### Generate New Key Click "Create API Key" button

Name Your Key Give your key a descriptive name (e.g., "Production Server",

"Development", "Staging")

Copy Immediately

Important: Copy your key immediately - you won't be able to see it again!

Plan Assignment

When you create an API key, it automatically matches your current subscription plan. Your key inherits the rate limits and features from your active plan.

If you upgrade your subscription, newly created keys will use the upgraded plan. Existing keys continue to use their original plan.

If you don't have an active subscription, the "Create API Key" button will be disabled. Subscribe to a plan first at Upgrade.

Key Naming Best Practices

Use descriptive names that indicate:

  • Environment: prod-api-server, dev-local, staging-app
  • Purpose: backend-api, mobile-app, data-pipeline
  • Owner/Team: frontend-team, john-dev, analytics

Good naming makes it easier to identify which key to rotate or revoke when needed.

Rotating API Keys

Regularly rotate your keys for security:

# 1. Generate a new key
NEW_KEY=$(brainus keys create --name "production-v2")

# 2. Update your application with new key
export BRAINUS_API_KEY=$NEW_KEY

# 3. Deploy and verify new key works
# 4. Revoke old key after successful deployment
brainus keys revoke key_old_abc123

Rotation Schedule

EnvironmentRecommended Frequency
ProductionEvery 90 days
StagingEvery 6 months
DevelopmentYearly or as needed

Revoking API Keys

Revoke keys immediately if:

  • Compromised: Key was exposed publicly
  • Employee departure: Team member leaves
  • No longer needed: Deprecated project or service
  • Suspicious activity: Unusual usage patterns detected

How to Revoke

  1. Go to Dashboard → API Keys
  2. Find the key to revoke
  3. Click "Revoke"
  4. Confirm the action

Revoking a key is immediate and irreversible. All requests using that key will fail instantly.

Key Limits by Plan

PlanMax API Keys
Free3
Pro10
EnterpriseUnlimited

Viewing Key Usage

Track which keys are being used:

# View usage per key
brainus usage --key-id key_abc123 --last 7d

In the dashboard, you can see:

  • Last used timestamp
  • Total requests made
  • Current rate limit status
  • Geographic usage patterns (Enterprise)

Unused keys for 90+ days are flagged for review. Consider revoking them to reduce security risk.

Next Steps

Authentication

Learn how to authenticate and manage your API keys securely

Security Best Practices

Keep your API keys secure and protect your application

On this page

Creating API Keys
Subscribe to a Plan
Navigate to Dashboard Go to [Dashboard → API
Name Your Key Give your key a descriptive name (e.g., "Production Server",
Copy Immediately
Plan Assignment
Key Naming Best Practices
Rotating API Keys
Rotation Schedule
Revoking API Keys
How to Revoke
Key Limits by Plan
Viewing Key Usage
Next Steps