useLLM/ docs
Open appGet started
Core concepts

Authentication

Two distinct kinds of keys, with different threat models and different homes.

useLLM has two kinds of API keys. They live in different places and protect different things, so it's worth keeping them straight before anything else.

Gateway keyProvider key
Prefixul_live_*sk-proj-* / sk-ant-*
Issued byuseLLM (you generate it on /api-keys)OpenAI / Anthropic
Lives inYour application code or secret managerOnly useLLM (encrypted at rest)
Used to authenticateApp → useLLM gatewayuseLLM gateway → OpenAI / Anthropic
Storage in our DBSHA-256 hash only — the raw secret never persistsAES-256-GCM ciphertext, decrypted in-process per request
If compromisedRevoke from /api-keys; instant 401s for the leaked secretRotate at the provider; re-paste the new one on /providers

Gateway keys

Every request to api.usellm.io needs an Authorization: Bearer ul_live_… header. Issue keys from /api-keys and store them in your secret manager. The full secret is shown once on creation — we only retain a SHA-256 hash for lookup, so a leaked database doesn't leak active keys.

Calling the gatewaybash
curl https://api.usellm.io/v1/chat/completions \
  -H "Authorization: Bearer ul_live_XXXXXXXXXXXXXXXXXXXXXXXX" \
  -H "Content-Type: application/json" \
  -d '{ "model": "gpt-4o-mini", "messages": [...] }'

Provider keys

Connect provider keys on /providers. On save we probe the key against the provider once so you find out immediately if it's rejected. After that the key sits encrypted in Postgres — decryption happens only in-process when forwarding a request, never written back to disk.

  • OpenAI keys → header Authorization: Bearer … to api.openai.com.
  • Anthropic keys → header x-api-key: … to api.anthropic.com. The gateway also rewrites OpenAI-style messages into Anthropic's system + messages shape transparently.

Rotating a provider key

  1. Generate a fresh key at the provider's dashboard.
  2. Paste it into a new connection on /providers (e.g. name it production-2). Verify it shows Verified.
  3. Optionally wait for traffic to switch over (the gateway picks the most recently active connection per provider — see Routing).
  4. Revoke the old connection. No app redeploy needed.