Create and Manage Tokens
Scenario
Create a token when a business application needs to call model APIs. Use a separate token for each application and environment so that quotas, audits, and revocation can be managed independently. After the token is created, the system generates API Key plaintext, and the application uses the API Key to make requests.
Prerequisites
- The user has permission to create tokens.
- The target organization exists.
- At least one model and one channel are available.
Create a Token
- Log in to the console.
- Go to Token Management.
- Click Create Token.
- Enter a token name, for example
order-service-prod. - Select the owning user and organization.
- Configure the allowed model scope.
- Configure quota and expiration time.
- Configure a client IP allowlist if required.
- Click OK.
- Copy the API Key plaintext from the result dialog and save it in the application's secret management system.
Field Description
| Field | Description |
|---|---|
| Name | Identifies the caller. Include the application and environment. |
| Organization | Used for cost ownership and access control. |
| Allowed Models | Models that this token can call. |
| Expiration | The token becomes unavailable after expiration. |
| Quota | Budget or usage limit for the token. |
| IP Allowlist | Client addresses allowed to use this token. |
Verification
Call a model with the API Key generated by the new token:
curl http://{ROUTER_HOST}:3080/v1/chat/completions \
-H "Authorization: Bearer {API_KEY}" \
-H "Content-Type: application/json" \
-d '{
"model": "gpt-4o",
"messages": [
{
"role": "user",
"content": "health check"
}
]
}'
After the request succeeds, Usage Log should show the token, user, organization, model, and channel.
Manage Tokens
Administrators can perform these operations from Token Management:
| Operation | Description |
|---|---|
| Suspend | Temporarily stop model calls with the token. |
| Enable | Restore a suspended token. |
| Adjust Quota | Change token budget or usage limit. |
| Modify Model Scope | Change the models that the token can call. |
| Delete | Permanently delete the token. This cannot be undone. |
Notes
- Do not share one production token or API Key across multiple applications.
- Suspend or delete the corresponding token immediately if its API Key is leaked, and then create a new token.
- After changing the model scope, run a test call again.
