Your provider key is forwarded to the provider verbatim and never stored. Toolken keeps only a one-way hash of your Toolken key.
Two keys, two jobs
Toolken key
tk_live_...Sent in X-Toolken-Key.Authenticates you to Toolken. Create and revoke in the dashboard.Provider key
sk-... / sk-ant-...Sent in Authorization: Bearer (OpenAI-compatible) or x-api-key (Anthropic).Your existing provider key. Forwarded untouched.Where each key goes
X-Toolken-* headers before forwarding. Everything else, including your provider auth, passes through unchanged.
Managing keys
- A key’s full value is shown once at creation. Store it securely.
- Toolken keeps only a one-way hash. The raw value is never stored.
- Revoking a key takes effect within about a minute.
1
Create a new key
Go to the dashboard under API Keys and generate a new Toolken key.
2
Deploy it
Update your app or service to send the new key in
X-Toolken-Key.3
Revoke the old one
Delete the previous key from the dashboard. It stops working within about a minute.
Signing in to the dashboard is separate from your Toolken API key. The API key is only for routing traffic through the gateway.
When authentication fails
See Troubleshooting for the full list.
What’s next
Observability
See what the two keys buy you: cost, usage, and performance per agent, feature, and customer.
Quickstart
Make your first request.