> ## Documentation Index
> Fetch the complete documentation index at: https://docs.shuttleai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys

> Create, manage, and secure your ShuttleAI API keys.

API keys authenticate your requests to the ShuttleAI API. You can manage your keys at [shuttleai.com/keys](https://shuttleai.com/keys).

## Master key

Every account has one **master key**. This is your primary API key with full access to all endpoints and models available on your plan.

Your master key is displayed as dots with only the last 4 characters visible for security. Use the **copy** button to copy it to your clipboard.

### Regenerating your master key

If your master key is compromised:

1. Go to [API Keys](https://shuttleai.com/keys)
2. Click the **Regenerate** button next to your master key
3. Confirm the action in the dialog
4. Update your key in all applications

<Warning>
  Regenerating your master key **immediately invalidates** the old key. Any application using the old key will stop working.
</Warning>

## Sub-keys

Sub-keys let you create separate API keys for different applications, environments, or team members. Each sub-key has the same access level as your master key.

### Creating a sub-key

1. Go to [API Keys](https://shuttleai.com/keys)
2. Click **Create Sub-Key**
3. Give it a descriptive name (e.g., "Production Server", "Dev Environment")
4. Copy the new key

You can create up to **10 sub-keys** per account.

### Managing sub-keys

For each sub-key, you can:

* **Copy** — Copy the key to your clipboard
* **Rename** — Change the display name
* **Delete** — Permanently revoke the key

### Why use sub-keys?

<AccordionGroup>
  <Accordion title="Separate environments">
    Use different keys for development, staging, and production. If a dev key leaks, revoke just that one without affecting production.
  </Accordion>

  <Accordion title="Per-application tracking">
    Create a key for each app or service to track which application is making which requests.
  </Accordion>

  <Accordion title="Easy revocation">
    If a key is compromised, delete just that sub-key. Your master key and other sub-keys remain unaffected.
  </Accordion>
</AccordionGroup>

## Key format

All ShuttleAI API keys start with the `shuttle-` prefix:

```
shuttle-xxxxxxxxxxxxxxxxxxxxx
```

## Best practices

<Steps>
  <Step title="Never hardcode keys">
    Store your API key in environment variables, not in your source code.

    ```bash theme={null}
    export SHUTTLEAI_API_KEY="shuttle-xxx"
    ```
  </Step>

  <Step title="Use sub-keys for apps">
    Create a separate sub-key for each application instead of sharing your master key.
  </Step>

  <Step title="Rotate regularly">
    Periodically regenerate keys, especially if team members with access leave.
  </Step>

  <Step title="Use .gitignore">
    Add `.env` files to `.gitignore` to prevent accidentally committing keys.

    ```
    # .gitignore
    .env
    .env.local
    ```
  </Step>
</Steps>