跳转到主要内容

Documentation Index

Fetch the complete documentation index at: https://docs.metask.ai/llms.txt

Use this file to discover all available pages before exploring further.

Your API key is the credential that authenticates every request you send to 元任务 AI 网关. The gateway accepts keys in the standard Authorization: Bearer header, making it compatible with any OpenAI-compatible library or tool. You can create multiple keys to isolate access by project, environment, or team member, and revoke any key instantly from the dashboard.

Create an API key

1

Open the dashboard

Log in at napi.origintask.cn and go to your dashboard.
2

Navigate to keys

Click Settings in the sidebar, then select the API Keys or Tokens section.
3

Create a new key

Click Create Key (or New Token). Enter a descriptive name — for example, production-app or dev-laptop — so you can identify the key later.
4

Copy the key immediately

The full key value is shown only once. Copy it now and save it somewhere secure, such as a password manager or a secrets vault.
The API key is displayed only at creation time. If you navigate away without copying it, you cannot retrieve it again — you must create a new key.

Use the API key in requests

Pass your key as a Bearer token in the Authorization header of every request. 
curl https://napi.origintask.cn/v1/chat/completions \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o-mini",
    "messages": [{"role": "user", "content": "Hello"}]
  }'

Manage multiple keys

You can create as many keys as you need. A common pattern is to create separate keys for each environment or application so that you can rotate or revoke one key without affecting others.

Per-environment keys

Create one key for development and a separate key for production. Rotate them independently without disrupting the other environment.

Per-project keys

Give each project or integration its own key. If a project is decommissioned, delete only that key to immediately cut off access.

Rotate a key

Key rotation replaces an existing key with a new one to limit the impact of a potential leak.
1

Create a replacement key

Follow the steps above to create a new key with a clear name indicating it is the replacement.
2

Update your applications

Replace the old key value with the new one in every application, service, or environment variable that uses it.
3

Delete the old key

Once all applications are using the new key, delete the old one from the dashboard to permanently revoke it.

Delete a key

To revoke a key, open the API Keys section in the dashboard, locate the key in the list, and click Delete (or the trash icon). Deletion takes effect immediately — any request using that key will be rejected with a 401 Unauthorized error.
Deleting a key is irreversible. Make sure no running application is still using the key before you delete it, or those applications will stop working immediately.

Security best practices

Protecting your API keys prevents unauthorized usage and unexpected charges against your balance.
  • Use environment variables — Store keys in environment variables or a secrets manager instead of hardcoding them in source files.
  • Never commit keys to source control — Add .env files to .gitignore and audit your repository history if a key was accidentally committed.
  • Create separate keys per environment — Use different keys for development, staging, and production so a leaked dev key cannot affect production.
  • Rotate keys periodically — Replace keys on a regular schedule or immediately after any suspected exposure.
  • Delete unused keys — Remove keys for deprecated projects or former team members right away to minimize the attack surface.
If you suspect a key has been compromised, delete it from the dashboard immediately. The revocation is instantaneous, stopping any further unauthorized use.