API Keys

RedPill uses API keys to authenticate requests. All requests must include your API key in the Authorization header.

Getting Your API Key

1

Sign Up

Create an account at redpill.ai/signup
2

Access Dashboard

Navigate to your dashboard
3

Generate API Key

Click “Generate API Key” to create a new key
4

Add Credits

Add credits to your account to start making requests

Using API Keys

Include your API key in the Authorization header with the Bearer scheme: 
curl https://api.redpill.ai/v1/chat/completions \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "openai/gpt-4o",
    "messages": [{"role": "user", "content": "Hello"}]
  }"

Environment Variables

Store your API key securely using environment variables: 
REDPILL_API_KEY=sk-your-api-key-here

Key Format

RedPill API keys follow this format: 
sk-{random_alphanumeric_string}
Example: sk-9JABKD0bYW6s8VN6PoIG0LUOj1uo44TrXm0MNJWXe7GWP1wR

Security Best Practices

Don’t do this:
client = OpenAI(api_key="sk-9JABKD0bYW...")  # Hardcoded
Do this instead:
client = OpenAI(api_key=os.environ.get("REDPILL_API_KEY"))
Store API keys in environment variables or secure secret management systems:
  • .env files (add to .gitignore)
  • AWS Secrets Manager
  • Google Cloud Secret Manager
  • Azure Key Vault
  • HashiCorp Vault
Add files containing keys to .gitignore:
# .gitignore
.env
.env.local
secrets/
*.key
  • Generate new API keys periodically
  • Revoke old keys after rotation
  • Use different keys for development and production
Never expose API keys in client-side code (browsers, mobile apps):
  • ❌ Don’t include in JavaScript sent to browsers
  • ❌ Don’t embed in mobile app binaries
  • ✅ Make requests from your backend server
  • ✅ Use proxy endpoints for client apps

Request Headers

Required Headers

HeaderValueDescription
AuthorizationBearer YOUR_API_KEYYour RedPill API key
Content-Typeapplication/jsonRequest body format

Optional Headers

HeaderExampleDescription
x-redpill-provideropenaiForce specific provider
x-redpill-trace-idcustom-trace-123Custom trace ID for logging
x-redpill-metadata{"user_id": "123"}Custom metadata
Example with optional headers: 
curl https://api.redpill.ai/v1/chat/completions \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -H "x-redpill-provider: anthropic" \
  -H "x-redpill-trace-id: request-123" \
  -d '{
    "model": "claude-3.5-sonnet",
    "messages": [{"role": "user", "content": "Hello"}]
  }"

Managing API Keys

View Your Keys

Access your API keys in the dashboard.

Revoke a Key

If a key is compromised:
  1. Go to your dashboard
  2. Find the compromised key
  3. Click “Revoke”
  4. Generate a new key

Multiple Keys

You can create multiple API keys for different purposes:
  • Development: For local testing
  • Staging: For staging environment
  • Production: For live applications
  • CI/CD: For automated testing

Rate Limits

API keys are subject to rate limits based on your account tier:
TierRequests/MinTokens/Min
Free60100,000
Pro6001,000,000
EnterpriseCustomCustom

Learn More About Pricing

View detailed pricing and rate limits →

Checking Your Usage

Monitor your API usage and credit balance: 
curl https://api.redpill.ai/v1/usage \
  -H "Authorization: Bearer YOUR_API_KEY"
Response: 
{
  "credits_remaining": "25.50",
  "credits_used_today": "4.50",
  "requests_today": 142,
  "tokens_used_today": 45230
}

Error Handling

Invalid API Key

{
  "error": {
    "message": "Invalid API key provided",
    "type": "invalid_request_error",
    "code": "invalid_api_key"
  }
}

Missing API Key

{
  "error": {
    "message": "No API key provided",
    "type": "invalid_request_error",
    "code": "missing_api_key"
  }
}

Insufficient Credits

{
  "error": {
    "message": "Insufficient credits",
    "type": "insufficient_quota",
    "code": "insufficient_credits"
  }
}

Error Handling Guide

Learn how to handle all API errors →

FAQs

No, you need a RedPill API key. However, RedPill is OpenAI-compatible, so you can use the same SDKs and code - just change the API key and base URL.
Credits are deducted based on the number of tokens processed. Different models have different per-token costs. See Pricing for details.
Immediately revoke the compromised key in your dashboard and generate a new one. Past requests cannot be reversed, but revoking stops future unauthorized use.
It’s better to generate separate API keys for each team member. This allows better tracking and individual key revocation if needed.
API keys don’t expire automatically but can be revoked manually. It’s recommended to rotate keys periodically for security.

Next Steps

Make Your First Request

Start using the API

Security Best Practices

Learn about RedPill’s security