
API Key Security Configuration

Reduce the risk of API Key leakage with least privilege, access restrictions, and rotation mechanisms

Three-Layer Security Strategy

1) Network Layer: IP Whitelist

If your service is deployed on a fixed server, an IP whitelist is usually the most effective first line of defense.

2) Permission Layer: Least Privilege

It is recommended to grant only the capabilities that are actually needed:

  • Enable only the required models
  • Use only the appropriate groups
  • Set a reasonable quota for critical API Keys

3) Operations Layer: Rotation and Auditing

For long-term use, it is recommended to combine the following:

  • Rotate API Keys regularly
  • Set up alerts for abnormal requests
  • Split API Keys by business function to make auditing easier
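One way to turn the three layers into alerts, as an added example that is not MoleAPI's own code: a small audit over gateway access logs that flags requests from non-allowlisted IPs, requests for models a key should not use, per-minute rate spikes, and key labels with no policy entry. The log format, key labels, model names, and thresholds are all assumptions constructed for illustration; logs identify keys by label, never by the secret value.

```python
from collections import defaultdict

# Constructed per-key policy mirroring the three layers: allowed source IPs,
# enabled models, and a per-minute request ceiling. All names are hypothetical.
POLICY = {
    "billing-svc": {"ips": {"203.0.113.10"}, "models": {"model-a"}, "max_per_min": 3},
    "chat-svc": {"ips": {"203.0.113.20"}, "models": {"model-a", "model-b"}, "max_per_min": 5},
}

# Constructed log lines (assumed format): "<ISO timestamp> <key label> <source IP> <model>"
SAMPLE_LOG = """\
2024-01-01T10:00:01Z billing-svc 203.0.113.10 model-a
2024-01-01T10:00:05Z chat-svc 203.0.113.20 model-b
2024-01-01T10:00:09Z billing-svc 198.51.100.7 model-a
2024-01-01T10:00:12Z billing-svc 203.0.113.10 model-b
2024-01-01T10:00:20Z billing-svc 203.0.113.10 model-a
2024-01-01T10:00:31Z billing-svc 203.0.113.10 model-a
2024-01-01T10:01:02Z old-key 203.0.113.20 model-a
"""


def audit(log_text, policy=POLICY):
    """Return sorted (key_label, reason) alerts for requests that violate policy."""
    alerts = set()
    per_minute = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, label, ip, model = parts
        rule = policy.get(label)
        if rule is None:  # e.g. a rotated-out key that is still being used
            alerts.add((label, "unknown key"))
            continue
        if ip not in rule["ips"]:
            alerts.add((label, f"source IP {ip} not allowlisted"))
        if model not in rule["models"]:
            alerts.add((label, f"model {model} not enabled"))
        minute = ts[:16]  # bucket by "YYYY-MM-DDTHH:MM"
        per_minute[(label, minute)] += 1
        if per_minute[(label, minute)] > rule["max_per_min"]:
            alerts.add((label, f"rate above {rule['max_per_min']}/min at {minute}"))
    return sorted(alerts)


if __name__ == "__main__":
    for label, reason in audit(SAMPLE_LOG):
        print(f"ALERT {label}: {reason}")
```

Because each business function has its own key label, every alert points at one service, which narrows both the investigation and the rotation that follows.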

What to Do If a Leak Occurs

  1. Immediately disable or delete the compromised API Key
  2. Create a new API Key and update your service configuration
  3. Trace back the source of the leak, such as a repository, logs, frontend exposure, or leaked screenshots
