Appearance

API Keys

API keys authenticate your requests to SandBase. This guide covers how to create keys, use them in requests, and keep them secure.

Creating an API Key

  1. Log in to the SandBase Console
  2. Navigate to API Keys in the sidebar (or go to console/keys directly)
  3. Click Create API Key
  4. Enter a descriptive name (e.g., "Production Server", "Local Development")
  5. Click Create
  6. Copy the key immediately — it will only be displayed once

Important

Your API key is shown only once at creation time. If you lose it, you'll need to create a new one. Store it securely before closing the dialog.

Key Format

All SandBase API keys use the prefix sk-sb- followed by a random string:

sk-sb-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

This prefix makes it easy to identify SandBase keys in your codebase and helps secret scanning tools detect accidental exposure.

Authentication Methods

SandBase supports two ways to pass your API key in requests:

Use the standard Authorization: Bearer header. This is compatible with the OpenAI and Anthropic SDKs:

bash
curl https://api.sandbase.ai/v1/chat/completions \
  -H "Authorization: Bearer sk-sb-YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"model": "deepseek/deepseek-v3", "messages": [{"role": "user", "content": "Hi"}]}'

x-api-key Header

Alternatively, use the x-api-key header. This is the native Anthropic authentication style:

bash
curl https://api.sandbase.ai/v1/messages \
  -H "x-api-key: sk-sb-YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"model": "anthropic/claude-sonnet-4-20250514", "max_tokens": 1024, "messages": [{"role": "user", "content": "Hi"}]}'

TIP

When both headers are present, x-api-key takes priority. In practice, just pick one method and use it consistently.

Key Permissions

SandBase API keys are scoped at the organization level:

  • A key grants access to all models available on the platform
  • Usage is billed to the organization that owns the key
  • Any team member with console access can create keys for the organization
  • There is no per-model or per-endpoint restriction on keys (all keys have full access)

Key Expiration and Revocation

Expiration

When creating a key, you can optionally set an expiration date. Once expired, the key will stop working and requests will return a 401 Unauthorized error.

Keys without an expiration date remain valid until manually revoked.

Revoking a Key

To revoke (disable) a key:

  1. Go to Console → API Keys
  2. Find the key you want to revoke
  3. Click the Revoke button
  4. Confirm the action

Revoked keys immediately stop working. Any in-flight requests using the key will fail. This action cannot be undone — you'll need to create a new key if you revoke one by mistake.

Security Best Practices

Never commit keys to version control

Use environment variables or a secrets manager instead:

bash
# .env file (add to .gitignore!)
SANDBASE_API_KEY=sk-sb-your-key-here
python
import os
from openai import OpenAI

client = OpenAI(
    api_key=os.environ["SANDBASE_API_KEY"],
    base_url="https://api.sandbase.ai/v1"
)
javascript
import OpenAI from 'openai';

const client = new OpenAI({
  apiKey: process.env.SANDBASE_API_KEY,
  baseURL: 'https://api.sandbase.ai/v1',
});

Use separate keys for different environments

Create distinct keys for development, staging, and production. This way you can revoke a compromised development key without affecting production.

Rotate keys regularly

Periodically create new keys and retire old ones. This limits the window of exposure if a key is leaked.

Monitor usage

Check the Console dashboard regularly for unexpected usage spikes, which could indicate a compromised key.

Set expiration dates

For temporary access (CI/CD pipelines, contractor access, demos), set an expiration date so the key automatically stops working.

Troubleshooting

ErrorCauseFix
401 - missing API keyNo key provided in requestAdd Authorization: Bearer sk-sb-... header
401 - invalid API keyKey doesn't exist or is malformedCheck for typos, ensure the full key is included
401 - API key has been revokedKey was disabled in the consoleCreate a new key
401 - API key has expiredKey passed its expiration dateCreate a new key or extend expiration

Next Steps