Tenzro Docs

API Keys

Manage API keys for authenticating with Tenzro Cloud services. Create keys with specific permissions and track usage.

Key Types

TypePrefixUse Case
Developmentdev_Local development, testing
Productionprod_Production applications
Clientclient_Browser-safe, rate-limited

Creating an API Key

  1. Go to your project in the Console
  2. Navigate to Settings → API Keys
  3. Click Create New Key
  4. Configure the key settings:
    • Name: Descriptive name for the key
    • Type: Development, Production, or Client
    • Permissions: Select allowed services
    • Expiration: Optional expiration date
  5. Click Create Key
  6. Copy the key immediately - it won't be shown again

Key Permissions

Configure granular permissions for each key:

Permissions:
├── Vec (Vector Database)
│   ├── Read
│   ├── Write
│   └── Delete
├── Kev (Key-Value Store)
│   ├── Read
│   ├── Write
│   └── Delete
├── Data (SQL Database)
│   ├── Read
│   ├── Write
│   └── Admin
├── AI Services
│   ├── Inference
│   ├── Agents
│   └── Workflows
├── File Storage
│   ├── Read
│   ├── Write
│   └── Delete
└── Admin
    ├── Manage Keys
    └── View Usage

Using API Keys

Environment Variables

# .env file
TENZRO_API_KEY=dev_your_api_key_here
TENZRO_PROJECT_ID=your_project_id

SDK Authentication

import { Tenzro } from 'tenzro';


// Using environment variable (recommended)
const tenzro = new Tenzro();


// Or explicit configuration
const tenzro = new Tenzro({
  apiKey: 'dev_your_api_key_here',
  projectId: 'your_project_id',
});

REST API Authentication

# Using Authorization header
curl https://api.cloud.tenzro.com/vec/databases \
  -H "Authorization: Bearer dev_your_api_key_here" \
  -H "X-Project-ID: your_project_id"


# Or using X-API-Key header
curl https://api.cloud.tenzro.com/vec/databases \
  -H "X-API-Key: dev_your_api_key_here" \
  -H "X-Project-ID: your_project_id"

Client Keys for Browsers

Client keys are safe to expose in browser applications. They have:

  • Strict rate limiting (100 req/min default)
  • Domain restrictions (CORS)
  • Limited permissions (no admin access)
  • Usage tracking per client
// Browser-safe usage
import { TenzroEdge } from '@tenzro/edge';


const edge = new TenzroEdge({
  clientId: 'client_your_client_id', // Safe to expose
});


// Rate-limited AI inference
const response = await edge.ai.generate({
  model: 'gemini-2.5-flash',
  prompt: 'Hello!',
});

Key Rotation

Best practices for key management:

  1. Rotate production keys every 90 days
  2. Create new key before revoking old one
  3. Use environment variables, never hardcode
  4. Use separate keys per environment
# Rotate key via CLI
tenzro keys rotate prod_old_key --project my-project


# This creates a new key and gives you 24 hours to migrate

Revoking Keys

Revoked keys are immediately invalidated. All requests using a revoked key will return 401 Unauthorized.

  1. Go to Settings → API Keys
  2. Find the key to revoke
  3. Click the menu (⋮) and select Revoke
  4. Confirm the revocation

Usage Monitoring

Track API key usage in the console:

  • Requests: Total API calls per key
  • Bandwidth: Data transferred
  • Errors: Failed requests and error rates
  • Last Used: Most recent activity

Security Best Practices

  • Never commit API keys to version control
  • Use .env files locally, secrets in production
  • Set the minimum required permissions
  • Use client keys for frontend applications
  • Enable IP allowlists for production keys
  • Set up usage alerts for anomaly detection