API Keys
API keys authenticate requests to BRICQS-managed endpoints and the BRICQS platform API. Every key belongs to a project and carries the permissions of the issuing user at the time of creation.
Creating an API key
Keys are created from the API Keys section of your project. You can also create them via the CLI:
bricqs keys create --project my-project --name "prod-backend" --scopes inference,logsThe key value is only shown once at creation time. Copy it immediately — it cannot be retrieved again.
Key scopes
inferenceCall model endpoints (/v1/chat/completions, /v1/embeddings). Read-only, no admin actions.logsRead deployment logs and runtime events via the Logs API.deployments:readRead deployment metadata, status, and metrics.deployments:writeCreate, start, stop, and delete deployments.adminFull platform access. Assign only to trusted server-side callers.Using a key
Pass the key as a Bearer token in the Authorization header:
bashcurl https://api.bricqsai.com/v1/deployments/list \
-H "Authorization: Bearer bq_live_xxxxxxxxxxxxxxxxxxxx"For model inference endpoints, the key goes in the same header:
pythonfrom openai import OpenAI
client = OpenAI(
base_url="https://<deployment-endpoint>/v1",
api_key="bq_live_xxxxxxxxxxxxxxxxxxxx",
)
response = client.chat.completions.create(
model="llama3:8b",
messages=[{"role": "user", "content": "Hello"}],
)Rate limiting per key
Set per-key rate limits to prevent a single caller from saturating your deployment:
requests_per_minuteRolling 60-second window. Enforced at the edge before the request reaches your model.requests_per_dayDaily cap, resets at 00:00 UTC. Useful for metering external consumers.tokens_per_minuteOutput token rate limit, rolling 60s. Guards against large-response flooding.Rate limit status is returned in every response:
textX-RateLimit-Limit: 60
X-RateLimit-Remaining: 42
X-RateLimit-Reset: 1720310460Revoking a key
bricqs keys revoke <key-id> --project my-projectRevocation is immediate — in-flight requests with the key may still complete, but new requests will receive a 401.
Key security
- Never commit keys to version control. Use BRICQS Secrets or your CI environment's secret store.
- Scope keys to the minimum permissions needed.
- Rotate keys at least quarterly and immediately after any suspected exposure.
- All key usage is logged in the Governance audit trail.