How to Manage API Keys for Your AI Agent

Learn how to obtain, configure, secure, and rotate API keys for your OpenClaw AI agent's model provider on EZClaws.

API keys are the bridge between your AI agent and the model providers that power its intelligence. Managing them properly is essential for security, cost control, and reliable agent operation. A poorly managed key can lead to unauthorized charges, agent downtime, or security vulnerabilities.

This guide covers everything about API key management for your EZClaws agents: obtaining keys from providers, configuring them on EZClaws, setting spending limits, rotating keys, and handling compromised keys. Whether this is your first API key or you are managing keys for multiple agents, this guide has you covered.

Prerequisites

To follow this guide, you need:

  • An EZClaws account — Sign up at ezclaws.com.
  • An account with a model provider — OpenAI, Anthropic, Google (Gemini), or Replicate. If you do not have one, this guide will walk you through creating one.
  • A payment method on the provider account — Most providers require a payment method before you can use their API.

Step 1: Choose a Model Provider

If you have not chosen a provider yet, here is a quick comparison:

Provider  | Best Model    | Best For           | Starting Cost
----------|---------------|--------------------|---------------------------
OpenAI    | GPT-4o        | General purpose    | ~$0.15/1M tokens (mini)
Anthropic | Claude Sonnet | Code, writing      | ~$0.25/1M tokens (haiku)
Google    | Gemini Pro    | Cost-effective     | ~$0.075/1M tokens (flash)
Replicate | Various       | Open-source models | Varies by model

For beginners, we recommend OpenAI: it has the largest community, extensive documentation, and a reliable API. For a detailed comparison, see our model provider configuration guide.

Step 2: Create a Provider Account and Get Your API Key

OpenAI

  1. Create an account at platform.openai.com.
  2. Add a payment method — Go to Settings > Billing > Payment methods. Add a credit card or debit card.
  3. Add credits — New accounts need a minimum balance. Start with $5-10 for testing.
  4. Navigate to API keys — Click on "API keys" in the left sidebar.
  5. Create a new key — Click "Create new secret key."
  6. Name your key — Give it a descriptive name like "EZClaws Support Bot" or "My AI Agent."
  7. Copy the key immediately — The full key is only shown once. Copy it and store it securely.

Your OpenAI key looks like:

sk-proj-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Important:
- The key starts with "sk-proj-" or "sk-"
- It is a long alphanumeric string
- You CANNOT view it again after creation
- If you lose it, you must create a new one

Anthropic

  1. Create an account at console.anthropic.com.
  2. Add billing information — Navigate to Settings > Billing.
  3. Navigate to API Keys — Go to Settings > API Keys.
  4. Create a key — Click "Create Key."
  5. Name and copy — Name it descriptively and copy immediately.

Your Anthropic key looks like:

sk-ant-apixx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Google (Gemini)

  1. Sign in at aistudio.google.com with your Google account.
  2. Navigate to API keys — Look for the "Get API key" option.
  3. Create a key — Click "Create API key."
  4. Copy the key — Store it securely.

Your Google API key looks like:

AIzaSyXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

For production use with higher quotas, create the key through Google Cloud Console instead.

Replicate

  1. Create an account at replicate.com.
  2. Navigate to API tokens — Go to Account Settings > API Tokens.
  3. Copy your token — Your API token is displayed on the page.

Your Replicate token looks like:

r8_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Step 3: Configure the API Key on EZClaws

Once you have your key, add it to your EZClaws agent.

For a New Agent

During the agent creation process:

  1. Go to your dashboard at /app.
  2. Click Deploy New Agent.
  3. Select your Model Provider from the dropdown.
  4. Paste your API Key in the designated field.
  5. Complete the remaining fields (name, region).
  6. Click Deploy Agent.

For an Existing Agent

To add or update an API key:

  1. Navigate to your agent's detail page at /app/agents/[id].
  2. Open the configuration or settings panel.
  3. Find the Model Provider and API Key fields.
  4. Select the provider (if changing) and paste the new key.
  5. Save the changes.

The agent will use the new key on its next request. No restart is needed.

Verification

After configuring the key, verify it works:

  1. Check that your agent's status is "Running" on the dashboard.
  2. Send a test message through your connected channel (Telegram, etc.).
  3. If the agent responds, the key is working correctly.
  4. If the agent shows an error, double-check the key and provider selection.

Step 4: Secure Your API Key

API key security is not optional. A compromised key can result in unauthorized charges and potential data exposure.

Security Best Practices

DO:
- Store keys in a password manager (1Password, Bitwarden, etc.)
- Use unique keys for each agent
- Set spending limits on every key
- Rotate keys regularly (every 90 days)
- Revoke keys immediately if compromised
- Monitor usage on the provider's dashboard

DO NOT:
- Share keys via email, Slack, or chat
- Store keys in plain text files
- Commit keys to Git repositories
- Include keys in screenshots
- Reuse keys across multiple applications
- Share keys with colleagues (they should use their own)
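
To enforce the "do not commit keys" and "no plain text files" rules mechanically, the following added example (not EZClaws or provider code) scans text, such as a file about to be committed, for strings with the key prefixes shown in Step 2. The 20-character minimum length, the placeholder heuristic and the sample file contents are assumptions made for this example.

```python
import re

# Prefixes are the ones this guide shows. The minimum of 20 characters after
# the prefix is an assumption to cut false positives, not a provider spec.
KEY_RE = re.compile(
    r"(?<![A-Za-z0-9_-])(?:"
    r"(?P<Anthropic>sk-ant-[A-Za-z0-9_-]{20,})"    # must precede the generic sk-
    r"|(?P<OpenAI>sk-(?:proj-)?[A-Za-z0-9_-]{20,})"
    r"|(?P<Google>AIza[A-Za-z0-9_-]{20,})"
    r"|(?P<Replicate>r8_[A-Za-z0-9]{20,})"
    r")"
)

def is_placeholder(key):
    """Documentation samples such as sk-proj-xxxx... end in one repeated character."""
    return len(set(key[-16:])) == 1

def redact(key):
    """Keep only the last four characters so a finding can be identified safely."""
    return "*" * 8 + key[-4:]

def scan(text):
    """Return (line_number, provider, redacted_key) for every likely live key."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            if not is_placeholder(match.group()):
                findings.append((number, match.lastgroup, redact(match.group())))
    return findings

# Constructed sample: a config file about to be committed. The key values are
# fabricated for this example and are not valid credentials.
FAKE_OPENAI = "sk-proj-" + "a1B2c3D4e5" * 3
FAKE_ANTHROPIC = "sk-ant-" + "Zy9Xw8Vu7T" * 3
SAMPLE = f"""\
MODEL_PROVIDER=openai
OPENAI_API_KEY={FAKE_OPENAI}
# example from the docs: sk-proj-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ANTHROPIC_API_KEY = "{FAKE_ANTHROPIC}"
task_id=sk-42
"""

if __name__ == "__main__":
    for number, provider, key in scan(SAMPLE):
        print(f"line {number}: possible {provider} key {key}")
```

A finding means the key should be treated as exposed and rotated, since removing it from the file does not remove it from history or backups.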

After Entry on EZClaws

Once you enter your API key on EZClaws:

  • The key is encrypted at rest.
  • The dashboard will not display the full key again (it may show the last few characters for identification).
  • The key is passed to your agent's container as an encrypted environment variable.
  • The key is never included in logs or error messages.

Step 5: Set Spending Limits

Spending limits are your safety net against unexpected charges. Set them on your provider account.

OpenAI Spending Limits

  1. Go to platform.openai.com/settings/limits.
  2. Set a monthly budget limit — This is the maximum you can spend in a calendar month.
  3. Set an email notification threshold — Get alerted before you hit the limit.

Recommended limits for EZClaws agents:

Testing/Development: $10/month
Personal agent (light use): $25/month
Personal agent (regular use): $50/month
Team agent (moderate): $100/month
Production (high traffic): $200-500/month

Anthropic Spending Limits

  1. Go to console.anthropic.com/settings/billing.
  2. Set your usage limit for the billing period.
  3. Configure notification thresholds.

Google Spending Limits

  1. Go to Google Cloud Console > Billing > Budgets & Alerts.
  2. Create a budget for the Gemini API.
  3. Set alert thresholds at 50%, 80%, and 100% of budget.

Why Limits Matter

Without spending limits:

Scenario: API key compromised
- No limit: Attacker runs up $500+ in charges before you notice
- With $50 limit: Maximum exposure is $50, and you get notified

Scenario: Agent misconfiguration causes a loop
- No limit: Thousands of API calls in minutes, hundreds of dollars
- With limit: Spending stops at your defined maximum

Step 6: Rotate Keys Regularly

Key rotation is a fundamental security practice. Even if nothing has gone wrong, regular rotation limits the window of exposure for any key.

Rotation Process

  1. Generate a new key on your provider's dashboard.
  2. Update the key in your EZClaws agent configuration.
  3. Test the agent — Send a message to verify the new key works.
  4. Revoke the old key on the provider's dashboard.
  5. Update your records — Note the rotation date in your password manager.

Rotation schedule:

Routine rotation: Every 90 days
After team member leaves: Immediately
After suspected compromise: Immediately
After a security audit: If recommended

Set a calendar reminder:

"Rotate API keys for EZClaws agents"
Repeat: Every 3 months

Safe Rotation Steps (Zero Downtime)

To rotate without any downtime:

  1. Create the new key (the old key still works).
  2. Update EZClaws with the new key.
  3. Wait 5 minutes for the change to propagate.
  4. Test to confirm the new key works.
  5. Only then revoke the old key.

This ensures there is no moment when neither key is active.

Step 7: Handle Compromised Keys

If you suspect your API key has been compromised (unauthorized usage, key shared accidentally, etc.), act immediately:

Emergency Response Steps

1. REVOKE the key NOW (do not wait)
   - Go to your provider's dashboard
   - Find the compromised key
   - Click "Revoke" or "Delete"
   - The key stops working instantly

2. GENERATE a new key
   - Create a new key on the provider
   - Give it a new name (e.g., "Agent-v2-2026-02")

3. UPDATE EZClaws
   - Go to your agent's configuration
   - Enter the new key
   - Save changes

4. CHECK for damage
   - Review your provider's usage dashboard
   - Look for unusual API calls (spikes in usage, unknown models)
   - Check the billing for unexpected charges

5. REPORT if necessary
   - If significant unauthorized charges occurred,
     contact the provider's support team
   - Most providers will investigate and potentially
     reverse fraudulent charges

6. PREVENT recurrence
   - Identify how the key was compromised
   - Set or lower spending limits
   - Review your security practices

Common Compromise Scenarios

Scenario: Key committed to a public GitHub repo
Response: Revoke immediately. GitHub's secret scanning may alert you,
but do not wait for the alert.

Scenario: Key shared in a Slack message
Response: Revoke and rotate. Anyone with access to that Slack channel
now has the key.

Scenario: Unusual charges on provider dashboard
Response: Revoke all potentially affected keys. Investigate which
key was used.

Scenario: Former team member had access
Response: Rotate all keys they had access to.

Step 8: Manage Multiple Keys

As you scale to multiple agents, key management becomes more important.

One Key Per Agent

The recommended approach:

Agent: Support Bot → API Key: sk-proj-support-xxxx (OpenAI)
Agent: Research Bot → API Key: sk-ant-research-xxxx (Anthropic)
Agent: Team Helper → API Key: sk-proj-helper-xxxx (OpenAI)

Benefits:

  • Revoke one key without affecting other agents.
  • Track per-agent usage on the provider's dashboard.
  • Set different spending limits per agent.

Key Inventory

Maintain an inventory of all your keys:

Key Inventory (store securely, e.g., password manager):

Key Name          | Provider  | Agent          | Created    | Next Rotation
------------------|-----------|----------------|------------|---------------
support-bot-v3    | OpenAI    | Support Bot    | 2026-01-15 | 2026-04-15
research-bot-v2   | Anthropic | Research Bot   | 2026-02-01 | 2026-05-01
team-helper-v1    | OpenAI    | Team Helper    | 2026-02-10 | 2026-05-10
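
An inventory in this form can be checked automatically against the 90-day rotation rule. The following added example (not EZClaws code) parses the table above and reports which keys are overdue or due soon. The 14-day warning window and the status names are assumptions made for this example.

```python
from datetime import date, timedelta

MAX_KEY_AGE = timedelta(days=90)   # routine rotation interval from this guide
WARN_WINDOW = timedelta(days=14)   # assumption: how early to start reminding

# The sample inventory from this guide (metadata only, never the key values).
INVENTORY = """\
Key Name          | Provider  | Agent          | Created    | Next Rotation
------------------|-----------|----------------|------------|---------------
support-bot-v3    | OpenAI    | Support Bot    | 2026-01-15 | 2026-04-15
research-bot-v2   | Anthropic | Research Bot   | 2026-02-01 | 2026-05-01
team-helper-v1    | OpenAI    | Team Helper    | 2026-02-10 | 2026-05-10
"""

def parse_inventory(text):
    """Parse the pipe-separated table into a list of dicts keyed by header."""
    rows = [[c.strip() for c in line.split("|")]
            for line in text.splitlines() if line.strip()]
    header, body = rows[0], rows[1:]
    records = []
    for cells in body:
        if set("".join(cells)) <= set("-"):    # skip the ---- separator row
            continue
        if len(cells) != len(header):
            raise ValueError(f"malformed inventory row: {cells}")
        records.append(dict(zip(header, cells)))
    return records

def rotation_status(record, today):
    """Return OVERDUE, DUE_SOON or OK for one inventory record."""
    created = date.fromisoformat(record["Created"])
    scheduled = date.fromisoformat(record["Next Rotation"])
    # A schedule must not let a key live past the 90-day maximum.
    deadline = min(scheduled, created + MAX_KEY_AGE)
    if today > deadline:
        return "OVERDUE"
    if deadline - today <= WARN_WINDOW:
        return "DUE_SOON"
    return "OK"

def rotation_report(text, today):
    """Map each key name in the inventory to its rotation status."""
    return {r["Key Name"]: rotation_status(r, today) for r in parse_inventory(text)}

if __name__ == "__main__":
    for name, status in rotation_report(INVENTORY, date.today()).items():
        print(f"{name:18} {status}")
```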

Provider Account Organization

For teams with many agents:

OpenAI:
  Project: EZClaws Production
    Key: support-bot-prod
    Key: team-helper-prod
  Project: EZClaws Development
    Key: dev-testing

Anthropic:
  Workspace: EZClaws
    Key: research-bot-prod
    Key: writing-assistant-prod

Organize keys into projects or workspaces on the provider side for cleaner management.

Troubleshooting

"Invalid API key" error when deploying

  1. Re-copy the key — Go back to your provider dashboard and copy the key fresh.
  2. Check for whitespace — Ensure no leading or trailing spaces when pasting.
  3. Verify the provider — Make sure you selected the correct provider for the key (e.g., OpenAI key with OpenAI selected).
  4. Check key status — The key may have been revoked or the account may be suspended.

Agent was working but suddenly stopped

  1. Check if the key was revoked — Log in to your provider dashboard and verify the key is active.
  2. Check spending limits — You may have hit your provider's spending limit.
  3. Check provider status — The provider may be experiencing an outage.
  4. Check credit balance — Verify your EZClaws credits at /app/billing.

Cannot find my API key

  1. You cannot view old keys — Most providers only show the key once at creation.
  2. Create a new key — Generate a fresh key on your provider's dashboard.
  3. Revoke the old one — If you cannot identify which key is which, revoke all unused keys.
  4. Use a password manager — Store new keys in a password manager to avoid this in the future.

Provider charges seem too high

  1. Check EZClaws usage — Compare with your billing at /app/billing.
  2. Check for other usage — The same key might be used by other applications.
  3. Review per-request costs — See our usage monitoring guide.
  4. Set tighter limits — Lower your spending limit to match actual needs.
  5. See cost optimization — Our cost reduction guide has detailed strategies.

Summary

API key management is a foundational skill for running AI agents. The process is simple: obtain a key from your model provider, configure it on EZClaws, set spending limits, and rotate regularly. Good habits here prevent security incidents, control costs, and ensure your agents run reliably.

The most important practices are: use unique keys per agent, always set spending limits, store keys in a password manager, and rotate every 90 days. If a key is ever compromised, revoke it immediately — you can always create a new one.

For more on configuring model providers, see our provider configuration guide. For cost management, explore our usage monitoring guide and cost reduction guide. Visit our blog for the latest best practices and tips.

Frequently Asked Questions

An API key is a unique code that authenticates your AI agent with a model provider like OpenAI or Anthropic. It is like a password that tells the provider 'this agent is authorized to use my AI models.' Without an API key, your agent cannot generate responses.

No. EZClaws provides the hosting platform for your AI agent. You bring your own API key from your chosen model provider (OpenAI, Anthropic, Google, Replicate). This gives you full control over your model provider account, spending limits, and model selection.

Yes. EZClaws encrypts your API key at rest and never exposes it in the dashboard after initial entry, in logs, or in API responses. The key is securely passed to your agent's isolated container as an encrypted environment variable.

If your API key is compromised, someone could use it to make API calls at your expense. Immediately revoke the key on your provider's dashboard and generate a new one. Having spending limits set on your provider account limits the potential damage.

Technically yes, but we recommend using separate keys for each agent. Separate keys let you track per-agent usage on the provider's dashboard, set different spending limits, and revoke a single key without affecting other agents.
