API Key Security Best Practices

Your API key is the credential for accessing all Chuizi.AI services. If it is compromised, others can use your balance to make API calls. Follow these practices to keep your keys secure.

Key Format

Chuizi.AI API keys consist of the prefix ck- followed by 32 alphanumeric characters, for a total of 35 characters. Example:

ck-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Keys are displayed only once at creation and cannot be recovered afterward. Save your key securely immediately after creation.

Never Hardcode Keys

Never embed API keys directly in source code:

example.py
python
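import os
from openai import OpenAI

# Wrong: the key is embedded in source and ends up in version control
client = OpenAI(api_key="ck-your-key-here")

# Correct: read the key from the environment (raises KeyError if it is unset)
client = OpenAI(api_key=os.environ["CHUIZI_API_KEY"])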

If your repository is public, a hardcoded key is exposed immediately. Even in private repositories, avoid including credentials in code.

Use Environment Variables

Store keys in environment variables or .env files:

terminal
bash
# ~/.zshrc or ~/.bashrc
export CHUIZI_API_KEY=ck-your-key-here

# Or in a .env file at your project root
CHUIZI_API_KEY=ck-your-key-here

Make sure .env files are in your .gitignore:

# .gitignore
.env
.env.local
.env.*.local
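
A .gitignore entry only protects .env files, so a check for key-shaped strings in the files about to be committed catches the hardcoded case as well. The following is an added example, not Chuizi.AI's own tooling: it builds a pattern from the key format documented above, and the names find_keys, scan_paths and SAMPLE, as well as the rule that skips single-character placeholders such as ck-xxxx..., are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Documented format: "ck-" followed by 32 alphanumeric characters (35 total).
# The look-around checks avoid matching inside longer alphanumeric tokens.
KEY_RE = re.compile(r"(?<![A-Za-z0-9])ck-[A-Za-z0-9]{32}(?![A-Za-z0-9])")

# Constructed sample line (not a real key); concatenated so this file
# does not trigger its own scan.
SAMPLE = 'client = OpenAI(api_key="ck-' + "A1b2C3d4" * 4 + '")\n'


def redact(key: str) -> str:
    """Keep the prefix and last 4 characters so the report never re-leaks the key."""
    return key[:3] + "*" * 28 + key[-4:]


def find_keys(text: str):
    """Return (line_number, redacted_key) for every key-shaped string in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            key = match.group(0)
            # Assumption: a body made of one repeated character is a
            # documentation placeholder, not a live key.
            if len(set(key[3:])) == 1:
                continue
            hits.append((lineno, redact(key)))
    return hits


def scan_paths(paths):
    """Scan the given files (e.g. staged files from a pre-commit hook)."""
    findings = []
    for path in paths:
        try:
            text = Path(path).read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue  # unreadable or deleted file: nothing to scan
        findings += [(str(path), n, k) for n, k in find_keys(text)]
    return findings


if __name__ == "__main__":
    found = scan_paths(sys.argv[1:])
    for path, lineno, key in found:
        print(f"{path}:{lineno}: possible Chuizi.AI API key {key}")
    sys.exit(1 if found else 0)
```

Run it with the file paths to check as arguments; a non-zero exit status means at least one key-shaped string was found and the commit should be stopped.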

Least Privilege

When creating a key, restrict its permissions:

  • Limit allowed models: Use the allowed_models field to restrict which models the key can access. For example, allow only anthropic/claude-sonnet-4-6 instead of all models.
  • Set an IP whitelist: Use ip_whitelist to restrict the key to specific IP addresses. Ideal for server-side deployments with static IPs.
  • Set a daily limit: Use daily_limit to cap daily spend. Even if the key leaks, the damage is bounded.
  • Set rate limits: Use rpm_limit to cap requests per minute.

Regular Rotation

Rotate your API keys every 90 days:

  1. Create a new key in the Dashboard
  2. Update all environment variables and configurations that use the old key
  3. Verify the new key works correctly
  4. Deactivate the old key in the Dashboard

During rotation, both keys can be active simultaneously for a zero-downtime transition.

Next Steps

  • API Key Format — Key structure, storage, and management reference
  • Data Handling — How Chuizi.AI handles your data and API key hashes
  • Sign Up — Create an account and generate your first API key