MODELBRIDGE

API Keys

API keys are how you authenticate with the ModelBridge proxy. Each key is tied to your account (or a team) and tracks usage independently.

Creating a key

  1. Go to API Keys in your dashboard
  2. Click Create API Key
  3. Give it a descriptive name (e.g., "Cursor - work laptop", "CI/CD pipeline")
  4. Optionally set a spending limit and expiration date
  5. If you belong to a team, choose whether this is a personal key or a team key
  6. Click Create and copy the key immediately

Your API key is only shown once at creation time. ModelBridge stores a SHA-256 hash -- the original key cannot be recovered. If you lose it, revoke it and create a new one.

Key properties

PropertyDescription
NameA human-readable label for identification
Last 4 charactersShown in the dashboard to help identify keys
Statusactive, revoked, expired, or limit_reached
Spending limitOptional cap in AUD. Key stops working when reached.
ExpirationOptional expiry date. Key returns 401 after this date.
TeamIf set, spend is charged to the team's balance instead of your personal balance

Personal vs team keys

Personal keys

  • Spend is deducted from your personal balance (plan included usage, then prepaid, then overage)
  • Only you can see and manage these keys

Team keys

  • Spend is deducted from the team's shared balance
  • Any team member with appropriate permissions can create team keys
  • Team admins can see all team keys and their usage

Select the team context when creating a key to make it a team key.

Managing keys

Revoking a key

Click the Revoke button next to any key in your dashboard. Revoked keys immediately stop working and cannot be reactivated.

Spending limits

Set a spending limit when creating a key, or update it later. When a key's cumulative spend reaches the limit:

  • The key returns a 429 error
  • The key status changes to limit_reached
  • You can increase the limit to restore access

Expiration

Keys with an expiration date automatically stop working after that date. This is useful for:

  • Temporary contractor access
  • Time-limited project keys
  • Security rotation policies

Best practices

  1. Use descriptive names. "cursor-macbook" is better than "key1".
  2. Set spending limits on all keys, especially automated pipeline keys.
  3. Use team keys for shared projects instead of sharing personal keys.
  4. Rotate keys periodically. Revoke old keys and create new ones.
  5. Never commit keys to git. Use environment variables or a secrets manager.
  6. One key per tool. Create separate keys for Cursor, CI/CD, scripts, etc. This makes it easy to track usage and revoke access.

Was this page helpful?