Skip to main content
PromptGuard uses API keys to authenticate requests. Your API key carries many privileges, so be sure to keep it secure!

Creating API Keys

  1. Log in to app.promptguard.co
  2. Select your project
  3. Navigate to Projects → API Keys
  4. Click Create API Key
  5. Name your key (e.g., “Production App”, “Development”)
  6. Copy the key immediately - it won’t be shown again
Store your API key securely! Once you navigate away, you won’t be able to see the full key again.

Via Dashboard UI

API key management is done through the dashboard UI. Navigate to app.promptguard.co → Projects → API Keys to create, view, and manage your API keys.

Using API Keys

In Headers

Include your PromptGuard API key in the X-API-Key header: 
X-API-Key: your_api_key_here
For direct API calls (not using SDKs), you’ll also need your LLM provider key in the Authorization header: 
X-API-Key: your_api_key_here
Authorization: Bearer sk_your_openai_key_here

Environment Variables

Store your API key in environment variables, not in your code: 
# Never commit this file to version control
PROMPTGUARD_API_KEY=your_api_key_here

API Key Scope

API keys are scoped to specific projects. Each key provides access to:
  • Make AI requests through the proxy endpoint (/api/v1/chat/completions, etc.)
  • View usage and analytics for the associated project
  • Inherit project security settings (presets and custom policies)
Create separate API keys for different environments (development, staging, production) by creating separate projects for each environment.

Key Management Best Practices

  • One key per environment: Use different projects and keys for dev/staging/prod
  • Rotate regularly: Create new keys and delete old ones every 90 days
  • Monitor usage: Check dashboard regularly for unusual activity
  • Store securely: Never commit keys to version control

Key Management

Listing Keys

View all your API keys through the dashboard UI at app.promptguard.co → Projects → API Keys.

Rotating Keys

Regularly rotate your API keys for security:
  1. Create a new API key
  2. Update your applications to use the new key
  3. Test thoroughly
  4. Delete the old key

Deleting Keys

Delete API keys through the dashboard UI at app.promptguard.co → Projects → API Keys → [Select Key] → Delete.

Security Best Practices

✅ Do

  • Use environment variables for API keys
  • Rotate keys regularly (every 90 days)
  • Use separate keys for different environments
  • Grant minimal permissions required
  • Monitor key usage in the dashboard
  • Delete unused keys immediately

❌ Don’t

  • Never commit keys to version control
  • Don’t share keys between team members
  • Don’t use production keys in development
  • Don’t log API keys in application logs
  • Don’t embed keys in client-side code

Development vs Production

Use separate API keys for different environments: 
PROMPTGUARD_API_KEY=your_api_key_here

Rate Limits

API keys are subject to monthly usage limits based on your subscription plan:
PlanMonthly LimitType
Free10,000 requestsHard limit (blocks when exceeded)
Pro100,000 requestsHard limit (blocks when exceeded)
Scale1,000,000 requestsSoft limit (alerts only, never blocks)
Infrastructure Rate Limiting: Cloud Armor enforces 100 requests per minute per IP address at the infrastructure level. This is separate from your monthly subscription limits.Monthly limits are per user account (across all API keys). For higher limits, contact [email protected].

Troubleshooting

Having issues with authentication? See our troubleshooting guide for common solutions.

Rate Limited Error

{
  "error": {
    "message": "Rate limit exceeded",
    "type": "rate_limit_error",
    "code": "too_many_requests"
  }
}
How to fix this:
  1. Implement exponential backoff in your code to retry requests with increasing delays: 
    // Example: Wait 1s, then 2s, then 4s before retrying
const delay = Math.pow(2, retryCount) * 1000;
await new Promise(resolve => setTimeout(resolve, delay));
  2. Distribute requests across multiple API keys to stay within per-key limits
  3. Check your current usage in the dashboard to see how close you are to your limits
  4. Upgrade your plan if you consistently hit rate limits:

Next Steps

Make Your First Request

Test your API key with a simple request

Integration Guides

Language-specific setup instructions

Security Policies

Configure protection for your use case

Usage Monitoring

Track API usage and security events