Suiri is designed with a secure-by-default model that balances ease of use for developers with the controls required for production environments.

Creating API Keys via the Dashboard

API keys are created and managed through the Suiri dashboard.

To create an API key

  1. Log in to the Suiri dashboard using your email address and one-time password (OTP).
  2. In the left navigation, select API keys.
  3. Click Create an API Key.
  4. Enter a name for the key to help identify its purpose.
  5. Click Create.
  6. Copy the generated API key and store it securely.
Note: API keys are displayed only once and cannot be retrieved after the dialog is closed.

Managing API Keys

From the API keys page, you can:
  • View existing API keys
  • Revoke keys that are no longer needed
Suiri supports multiple API keys per account, enabling:
  • Separation of environments (development, staging, production)
  • Per-application and per-user usage tracking
  • Internal chargeback and cost attribution
  • Faster isolation of operational and performance issues

Best Practice: Use Separate API Keys per Application and User

Suiri strongly recommends creating separate API keys for each application and, where appropriate, each user or service. Using multiple API keys enables:
  • Clear chargeback and cost attribution by application, team, or customer
  • Faster troubleshooting by isolating errors and latency issues to a specific key
  • Safer key rotation without impacting unrelated services
  • Improved security posture by limiting blast radius if a key is compromised
Common production patterns:
  • One API key per environment (development, staging, production)
  • One API key per microservice or application
  • One API key per external customer or tenant in multi-tenant systems
Do not reuse a single API key across multiple applications or users, as this makes cost attribution, troubleshooting, and key rotation significantly harder.

Key Rotation & Revocation

For security and operational hygiene, Suiri supports key rotation:
  • API keys can be revoked at any time from the dashboard
  • Revoked keys immediately lose access to the API
  • New keys can be generated without impacting other active keys
Regular key rotation is recommended for production workloads.
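
The separate-key and rotation recommendations above can be checked against your own key inventory. The following Python audit is an added example, not Suiri code: the inventory layout, the sample key values and the 90-day age threshold are assumptions, and Suiri does not prescribe any of them.

```python
import hashlib
from collections import defaultdict
from datetime import date

# Constructed sample inventory: (environment, application, key, created).
# Key values and layout are assumptions, not Suiri formats.
SAMPLE_INVENTORY = [
    ("production", "billing-svc", "example-key-AAAA", date(2024, 1, 10)),
    ("production", "search-svc", "example-key-BBBB", date(2024, 5, 2)),
    ("staging", "search-svc", "example-key-BBBB", date(2024, 5, 2)),
    ("development", "search-svc", "example-key-CCCC", date(2024, 6, 1)),
]


def fingerprint(key: str) -> str:
    """Short SHA-256 prefix, so reports never contain the key itself."""
    return hashlib.sha256(key.encode()).hexdigest()[:12]


def audit_keys(inventory, today, max_age_days=90):
    """Return (reused, stale) findings for a key inventory.

    reused: fingerprint -> sorted (env, app) pairs sharing one key
    stale:  sorted (env, app, age_days) with age above max_age_days
            (the 90-day default is an assumed policy, not a Suiri rule)
    """
    consumers = defaultdict(set)
    stale = []
    for env, app, key, created in inventory:
        consumers[fingerprint(key)].add((env, app))
        age = (today - created).days
        if age > max_age_days:
            stale.append((env, app, age))
    reused = {fp: sorted(c) for fp, c in consumers.items() if len(c) > 1}
    return reused, sorted(stale)


if __name__ == "__main__":
    reused, stale = audit_keys(SAMPLE_INVENTORY, today=date(2024, 7, 1))
    for fp, shared in reused.items():
        print(f"key {fp} is shared by {shared}: issue one key per consumer")
    for env, app, age in stale:
        print(f"{env}/{app}: key is {age} days old, rotate and revoke it")
```

Run it from a secrets-manager export rather than from files that hold raw keys, since only the fingerprints need to leave that system.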

Billing as a Security Control

Inference requests on Suiri require an active billing method, including in demo environments. This helps:
  • Prevent abuse and unauthorized large-scale usage
  • Ensure predictable capacity planning and fair resource allocation
Requests without an active billing method will be rejected.

Secure Transport

  • All API traffic is encrypted in transit using TLS
  • Requests over insecure connections are rejected

What Suiri Does Not Do

  • No long-lived sessions
  • No server-side prompt or response storage
  • No implicit trust based on IP address or client identity
Every request is independently authenticated and authorized.