Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.ruapi.ai/llms.txt

Use this file to discover all available pages before exploring further.

You need an API key (also called a token) to call any model through RuAPI. Keys start with sk-....

Creating a key

1

Open the Tokens section

Dashboard → Tokens.
2

Create a new token

Click Create token. Fill in:
  • Name: for your reference, e.g. local-dev, production-bot.
  • Expiry: leave “Never” or set a specific date.
  • Spend limit (optional): cap on how much this key can draw from your overall balance.
  • Model access (optional): restrict the key to specific models.
3

Copy the key

You see the full key once — save it immediately. After this only the last 4 characters are visible.
The full API key is shown only once. If you lose it, revoke it and create a new one.

Using the key

Pass the key in the Authorization: Bearer sk-... header on every request: 
curl https://www.ruapi.ai/v1/chat/completions \
  -H "Authorization: Bearer sk-YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{...}'
SDKs accept it as api_key or apiKey — see API Reference.

Security best practices

❌ Don't commit to Git

Never put sk-... in commits. Repos — especially public — get scraped by bots in minutes.

✅ Use environment variables

Store the key in .env or system env. Read it with os.getenv("OPENAI_API_KEY").

❌ Don't expose to frontend

The API key belongs only on the backend. If the browser calls RuAPI directly, anyone opening DevTools sees the key.

✅ One key per project

Don’t share a single key across projects. If one leaks, the others stay safe — only revoke the bad one.

Revoking and rotating

If a key leaks (committed to Git, posted in chat, in a screenshot):
1

Revoke immediately

In Tokens, find the bad key → Disable or Delete. All subsequent requests with it return 401 Unauthorized.
2

Create a replacement

Generate a new key with the same limits and update your application’s environment.
3

Audit logs

In Logs, scan for suspicious requests from the leaked key before revocation.

Spend limits

When creating a key you can set “max X USD from overall balance”. Useful for:
  • Prod/staging split: production key with no limit, staging with $10 limit.
  • Delegation: give a contractor a key with a $50 cap for one feature.
  • Bug protection: a runaway script can’t drain everything — it hits the cap.
When the limit is reached, the key stops working automatically (even if your overall balance has more).

Multiple keys

You can have any number of active keys at once. A typical layout:
KeyPurposeExpiryLimit
prod-appProductionnevernone
stagingStagingnever$10
local-devLocal development30 days$5
experiment-XExperimental project X7 days$1
This gives isolation — if one key has issues, revoke and recreate it without touching the others.

Account compromise

If your RuAPI account is compromised (someone got your password):
  1. Change your password immediately (if you still have access).
  2. If you’ve lost access — email support@ruapi.ai from the email on file with your description of the situation.
  3. After regaining access: revoke all API keys and create new ones.