API Reference
API Keys Setup
Last updated May 28, 2026
How to create and use Cencori API keys for public integrations.
Overview
Cencori API keys are created and revoked in the project dashboard. Public product integrations use those keys to call runtime APIs; they do not create or rotate keys through https://api.cencori.com/v1.
Go to Project > API Keys, create a secret key for server-side use, and store it as CENCORI_API_KEY.
Key Types
| Key | Prefix | Use |
|---|---|---|
| Secret key | csk_... or csk_test_... | Server-side SDKs, API routes, workers, and backend services |
| Publishable key | cpk_... or cpk_test_... | Browser/mobile scenarios that explicitly support publishable keys and allowed domains |
Use csk_... keys for the quick start, SDKs, and OpenAI-compatible integrations unless a guide specifically tells you to use a publishable key.
Public Runtime Usage
CENCORI_API_KEY=csk_...curl https://api.cencori.com/v1/models \
-H "Authorization: Bearer $CENCORI_API_KEY"For native Cencori SDK/REST calls, CENCORI_API_KEY: csk_... is also accepted.
Programmatic Key Management
Public API-key management endpoints are not available yet. Dashboard routes under /api/projects/{projectId}/api-keys require a signed-in Cencori owner session and should not be used from customer product code.
Best Practices
- Rotate keys regularly (every 90 days recommended).
- Use separate keys for different environments.
- Revoke unused keys immediately.
- Never commit keys to version control.
- Never expose a
csk_...key in browser code or a mobile app bundle.