OhMyGPT
Security & Access

API Keys

Create, manage, and programmatically provision API keys.

API keys authenticate requests to OhMyGPT. Each key is tied to your account and can be configured with specific permissions and limits.

Creating an API key

  1. Log in to your account at next.ohmygpt.com
  2. Navigate to API Keys
  3. Click "Create new key"
  4. Set a name and optional credit limit
  5. Copy the key immediately — it will not be shown again

Protect your API keys. Never commit them to public repositories or share them in client-side code. Use environment variables to keep keys secure.

Using API keys

Include your API key in the Authorization header as a Bearer token:

curl https://api.ohmygpt.com/v1/chat/completions \
  -H "Authorization: Bearer $OHMYGPT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"model": "gpt-4o", "messages": [{"role": "user", "content": "Hello"}]}'

With the OpenAI SDK:

from openai import OpenAI

client = OpenAI(
    base_url="https://api.ohmygpt.com/v1",
    api_key="<OHMYGPT_API_KEY>",
)

Key permissions

API keys can be configured with specific model permissions. By default, keys have access to all models. You can restrict a key to specific models or model families in the key settings.

Programmatic key management

For applications that need to create or manage keys programmatically (e.g., SaaS platforms provisioning keys for customers), OhMyGPT provides a Key Management API.

Prerequisites

To use the Key Management API, you need an API key with administrator privileges. Create this key in the dashboard — admin privileges cannot be granted via the API for security reasons.

API endpoints

EndpointMethodDescription
/api/v1/user/admin/get-api-tokensPOSTList all API keys
/api/v1/user/admin/create-api-tokenPOSTCreate a new API key
/api/v1/user/admin/update-api-tokenPOSTUpdate an API key
/api/v1/user/admin/delete-api-tokenPOSTDelete an API key

Example: List all keys

import requests

response = requests.post(
    "https://api.ohmygpt.com/api/v1/user/admin/get-api-tokens",
    headers={
        "Authorization": "Bearer <ADMIN_API_KEY>",
        "Content-Type": "application/x-www-form-urlencoded"
    }
)

keys = response.json()

Rate limits

Rate limits are determined by your account tier based on cumulative recharge amount:

TierCumulative RechargeRate Limit
Free¥0+60 requests/min
VIP¥20+1,200 requests/min
Premium¥300+10,000 requests/min

The system automatically assigns your tier based on recharge history.

Limits and best practices

LimitValue
Maximum keys per account5,000
Key creation rate10 requests/second
Key listing rate1 request/second

Best practices:

  • Create separate keys for different applications or environments
  • Set credit limits on keys to prevent unexpected charges
  • Rotate keys periodically
  • Revoke unused keys promptly

How is this guide?

Last updated on

OAuth (WIP)

Work in progress — outline placeholder

BYOK (WIP)

Work in progress — outline placeholder

On this page

Creating an API key
Using API keys
Key permissions
Programmatic key management
Prerequisites
API endpoints
Example: List all keys
Rate limits
Limits and best practices