# Authentication API keys handle billing for model usage on the InteractiveAI Router. ### How Authentication Works The Router authenticates requests via Bearer tokens in the Authorization header. This approach enables direct usage with `curl` or compatibility with the OpenAI SDK. API keys on the InteractiveAI Router offer more functionality than provider-specific keys. They support configurable credit limits for applications and can be integrated into OAuth flows. ### Using an API key First, generate a key from your account. Assign a name and optionally configure a credit limit. When calling the Router API directly, include your key as a Bearer token in the Authorization header. When using the OpenAI SDK, set the base URL to `https://app.interactive.ai/api/v1` and provide your key as the `apiKey` parameter. {% tabs %} {% tab title="Python (OpenAI SDK)" %} ```python from openai import OpenAI client = OpenAI( base_url="https://app.interactive.ai/api/v1", api_key="", ) response = client.chat.completions.create( model="openai/gpt-4o", messages=[ {"role": "system", "content": "You are a data analysis assistant."}, {"role": "user", "content": "Summarize the key metrics from this dataset."} ], ) reply = response.choices[0].message ``` {% endtab %} {% tab title="cURL" %} ```shell curl https://app.interactive.ai/api/v1/chat/completions \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $LLMROUTER_API_KEY" \ -d '{ "model": "openai/gpt-4o", "messages": [ {"role": "system", "content": "You are a data analysis assistant."}, {"role": "user", "content": "Identify trends in this quarterly report."} ] }' ``` {% endtab %} {% endtabs %} ### Compromised Keys Never expose API keys in public repositories or client-side code. InteractiveAI participates in GitHub's secret scanning program and employs additional detection methods for exposed credentials. If a compromise is detected, you will receive an email notification. Upon notification, or if you suspect exposure, immediately visit your key settings page to revoke the compromised key and generate a replacement. Store keys in environment variables and exclude them from version control.