    Odeus Docs

    API Key Best Practices

    Keep your Odeus API keys safe and secure with these best practices for key management.

    API keys are sensitive credentials that provide access to your Odeus account and resources. Protecting them is essential to maintain the security of your applications and data. This guide outlines best practices for managing your Odeus API keys safely.

    • Manage Your API Keys — Create, view, and revoke API keys in Workspace Settings → Products → API.

    Why API Key Security Matters

    Your Odeus API keys grant access to your account's AI capabilities and data. If compromised, unauthorized users could:

    • Access your Odeus resources and incur unexpected costs
    • Expose sensitive data processed through your applications
    • Abuse your account for malicious purposes
    • Violate your organization's compliance requirements

    Best Practices for API Key Management

    Never Hardcode API Keys

    Don't do this:

    from openai import OpenAI
    
    client = OpenAI(
        base_url="https://api.odeus.ai/openai/eu/v1",
        api_key="sk-ld-a1b2c3d4e5f6g7h8i9j0..."  # Never do this!
    )
    

    Hardcoding API keys in your source code exposes them to anyone with access to your codebase, including version control history.

    Use Environment Variables

    Store your API keys in environment variables rather than in your code. This separates configuration from code and makes it easier to manage different keys across environments.

    Do this instead:

    1. Create a .env file in your project directory and add your API key:

    ODEUS_API_KEY=your-api-key-here
    

    2. Install the python-dotenv package:

    pip install python-dotenv
    

    3. Load your API key into your Python script:

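    import os
    
    from dotenv import load_dotenv
    from openai import OpenAI
    
    # Copy variables from .env into the process environment.
    load_dotenv()
    
    # Fail at startup if the key is missing. With api_key=None the OpenAI
    # client would fall back to OPENAI_API_KEY, which is not the Odeus key.
    api_key = os.environ.get("ODEUS_API_KEY")
    if not api_key:
        raise RuntimeError("ODEUS_API_KEY is not set")
    
    client = OpenAI(
        base_url="https://api.odeus.ai/openai/eu/v1",
        api_key=api_key,
    )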
    

    Keep Keys Out of Version Control

    Add files containing sensitive credentials to your .gitignore file to prevent accidentally committing them:

    # .gitignore
    .env
    .env.local
    config/secrets.yml
    credentials.json
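
    .gitignore only keeps untracked files such as .env out of a commit; it does nothing about a key pasted into a tracked source file. The pre-commit check below is an added example (not Odeus tooling) that scans staged content for key-shaped strings; the sk-ld- prefix comes from the sample key on this page and the rest of the pattern is an assumption.

```python
#!/usr/bin/env python3
"""Pre-commit check: block commits whose staged files contain an Odeus-style key."""
import re
import subprocess
import sys

# Assumption: keys start with "sk-ld-" (the prefix in this page's sample key) followed
# by 16+ letters, digits, "_" or "-". Adjust to the real format of your keys.
KEY_RE = re.compile(r"sk-ld-[A-Za-z0-9_-]{16,}")


def redact(key):
    """Show only the start of the key so the finding itself does not leak it."""
    return key[:10] + "..."


def scan_text(path, text):
    """Return (path, line_number, redacted_key) for every key-shaped string."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            findings.append((path, lineno, redact(match.group())))
    return findings


def staged_files():
    """Paths added, copied or modified in the index (what the next commit contains)."""
    out = subprocess.run(
        ["git", "diff", "--cached", "--name-only", "--diff-filter=ACM", "-z"],
        capture_output=True, text=True, check=True,
    ).stdout
    return [p for p in out.split("\0") if p]


def main():
    findings = []
    for path in staged_files():
        # Read the staged blob, not the working-tree file, so partial staging is handled.
        blob = subprocess.run(["git", "show", f":{path}"], capture_output=True)
        findings += scan_text(path, blob.stdout.decode("utf-8", errors="replace"))
    for path, lineno, key in findings:
        print(f"{path}:{lineno}: possible Odeus API key {key}", file=sys.stderr)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

    Saved as .git/hooks/pre-commit and made executable, a non-zero exit aborts the commit.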
    

    Use Different Keys for Different Use Cases

    Create separate API keys for different applications, environments, or teams. This practice:

    • Limits the impact if a key is compromised
    • Helps track usage by application or team
    • Makes key rotation easier
    • Provides better audit trails

    For example, use separate keys for:

    • Development vs. production environments
    • Different applications using the Odeus API
    • Different teams or departments in your organization

    Never Expose API Keys in Browser Requests

    Important: Odeus does not support browser-based API requests. The Odeus API is designed exclusively for server-to-server communication. Attempting to make direct API calls from a browser will result in CORS (Cross-Origin Resource Sharing) errors.

    API keys should never be exposed in client-side code because they would be:

    • Visible in browser network traffic
    • Accessible through browser developer tools
    • Extractable from JavaScript source code
    • Exposed to any user of your application

    Your backend server should securely store the API key using the best practices described above and make requests to Odeus on behalf of your users.
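
    One way to implement that backend step, as an added example (not Odeus code): the server rebuilds the request from the browser's payload and attaches the key itself. The /chat/completions path, MODEL and MAX_TOKENS_CAP are assumptions; the Bearer header is what the OpenAI client shown earlier sends.

```python
"""Backend-side request builder: the Odeus key is added on the server, never by the browser."""
import json
import os
import urllib.request

# base_url is the one used on this page; the /chat/completions path, model name and
# token cap are assumptions for this example.
UPSTREAM_URL = "https://api.odeus.ai/openai/eu/v1/chat/completions"
MODEL = "example-model"      # placeholder: the server picks the model, not the browser
MAX_TOKENS_CAP = 512         # hypothetical per-request ceiling to bound cost


def build_upstream_request(browser_body):
    """Turn an untrusted browser payload (bytes) into the request sent to Odeus."""
    api_key = os.environ.get("ODEUS_API_KEY")
    if not api_key:
        raise RuntimeError("ODEUS_API_KEY is not set on the server")

    data = json.loads(browser_body)
    messages = data.get("messages") if isinstance(data, dict) else None
    if not isinstance(messages, list) or not messages:
        raise ValueError("messages must be a non-empty list")

    # Rebuild the payload field by field; unknown fields from the browser are dropped.
    clean = []
    for msg in messages:
        if not (isinstance(msg, dict) and isinstance(msg.get("role"), str)
                and isinstance(msg.get("content"), str)):
            raise ValueError("each message needs string 'role' and 'content'")
        clean.append({"role": msg["role"], "content": msg["content"]})

    requested = data.get("max_tokens")
    if type(requested) is not int or requested < 1:
        requested = MAX_TOKENS_CAP
    payload = {"model": MODEL, "messages": clean,
               "max_tokens": min(requested, MAX_TOKENS_CAP)}

    # Only these headers go upstream; nothing is copied from the browser's request.
    return urllib.request.Request(
        UPSTREAM_URL,
        data=json.dumps(payload).encode("utf-8"),
        method="POST",
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"},
    )
```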

    Implement Key Rotation

    Regularly rotate your API keys to minimize the risk of long-term exposure:

    1. Generate a new API key
    2. Update your applications to use the new key
    3. Monitor to ensure the transition is successful
    4. Revoke the old key after confirming the new one works

    We recommend rotating keys at least every 90 days, or immediately if you suspect compromise.

    Monitor Usage and Set Limits

    Regularly review your API usage in the Odeus dashboard to detect any unusual patterns that might indicate a compromised key. Set up usage alerts and spending limits where possible to protect against unexpected charges from leaked keys.

    What to Do If Your API Key Is Compromised

    If you suspect your API key has been exposed:

    1. Immediately revoke the key in your API settings
    2. Generate a new key
    3. Update your applications to use the new key
    4. Review your account activity for any unauthorized usage
    5. Contact Odeus support if you notice suspicious activity
    6. Document the incident for your security records

    Need Help?

    If you have questions about API key security or need assistance with your Odeus account:

    • Contact our support team at [email protected]
    • Review our Terms of Service and Privacy Policy for additional information

    Remember: API key security is an ongoing practice, not a one-time setup. Regular review and updates to your security measures will help keep your Odeus account and applications safe.