Docs/User Dashboard/API Key Management

API Key Management

An API Key (prefix cpk_) is a credential issued by CodePus to your account. It lets the CodePus IDE client — or any OpenAI-compatible third-party tool — access the official CodePus AI gateway under your identity. It is not the place to enter API keys for upstream providers (OpenAI / Claude / DeepSeek / …); those are configured by an administrator under /admin/settings/ai.

What it does

  • Authenticates calls from CodePus IDE / scripts / CI to the CodePus AI gateway (proxyBaseUrl).
  • Every call is metered against your account’s plan quota, surfaced in real time on Usage and Billing.
  • Each key can be named, given an expiration, and revoked individually — ideal for per-device, per-script, or per-employee separation.
  • Security model

  • A key’s full secret is shown exactly once at creation time. The server only persists a SHA-256 hash plus the prefix (cpk_xxxxxxxx); the original cannot be recovered.
  • Up to 20 keys per account; expiration must fall within 1–365 days (omit it for a non-expiring key).
  • Any key that has leaked or left a controlled environment must be deleted here immediately. Deletion is revocation — subsequent calls return 401 instantly.
  • How to create one

  • Open Dashboard → 🔑 API Key Management (this page, /dashboard/api-keys).
  • Click Create Key, give it a recognizable name (e.g. My Laptop IDE, CI Bot).
  • The full key (cpk_xxxxxxxx…) appears once — copy it now and store it in a password manager. Closing the dialog destroys your only chance to view it.
  • Use it in CodePus IDE

  • Open the IDE and go to Settings → Account.
  • Paste the cpk_… value into the API Key field.
  • Set Base URL to the proxyBaseUrl shown on the Dashboard home "API Endpoint" panel (in production this is typically https://api.codepus.ai/v1).
  • Save. AI chat, completions, and Agent features now work, with quota changes reflected on Usage.
  • Use it in scripts / third-party programs

    The gateway speaks OpenAI Chat Completions. cURL example:
    curl https://api.codepus.ai/v1/chat/completions \   -H "Authorization: Bearer cpk_your_key" \   -H "Content-Type: application/json" \   -d '{     "model": "gpt-4o-mini",     "messages": [{"role": "user", "content": "hello"}]   }' 
    Node.js / OpenAI SDK:
    import OpenAI from "openai"; const client = new OpenAI({   apiKey: process.env.CPK_KEY,                  // cpk_xxx   baseURL: "https://api.codepus.ai/v1", }); const res = await client.chat.completions.create({   model: "gpt-4o-mini",   messages: [{ role: "user", content: "hi" }], }); 

    Field reference

    FieldMeaning
    NameFree-form label you give the key, useful for telling them apart Prefixcpk_xxxxxxxx…** — safe to show in logs / lists CreatedWhen you created the key Last usedThe most recent successful call carrying this key (helps spot idle keys) ExpiresAfter this time the gateway rejects the key automatically Active / DisabledDisabled means you deleted it or admin tooling revoked it

    FAQ

    Can I view a created key’s full value again? No. We only store the hash. Save it in a password manager; if you lost it, delete the key and create a new one.
    Can the same key be used on multiple machines? Technically yes, but one key per device / script is strongly recommended so you can revoke just one device when needed and contain leaks.
    Are calls billed per key? No. All keys feed into the same account’s plan quota and usage tally — keys are identities, not wallets.
    Why am I getting 401? Common causes: key was deleted, expired, mis-copied, or pasted with a third-party provider’s Base URL (must be your proxyBaseUrl, not OpenAI’s public endpoint).
    "API key limit reached (20)" — what now?** Delete unused keys on this page, then create a new one.

    Related pages

  • Dashboard home — see your proxyBaseUrl and plan summary
  • Usage — per-key call counts, tokens and cost
  • Billing — upgrade plan to lift quotas
  • Security — change password, manage signed-in devices