Help Center/ MaaS/ Model Calling/ Appendix/ Managing API Keys
Updated on 2026-07-08 GMT+08:00

Managing API Keys

When using MaaS, you often need to call model services via APIs for tasks such as data requests and model inference. However, improper management of API keys (loss or leakage) can lead to unauthorized access risks, thereby compromising service security and stability. To ensure the secure management of API keys and prevent unauthorized access, the MaaS platform offers API key management, enabling you to create, edit, and manage permissions for API keys. This ensures that only users with valid API keys can successfully call model services, and only those with appropriate permissions can manage API Keys, while also reducing the risk of prolonged key exposure. This section explains how to create, edit, and delete API keys.

Constraints

  • Each account can have up to 30 API keys. If you exceed this limit, delete old keys before adding new ones.
  • After you create an API key, you must save it right away. The system does not store the key as plain text.
  • After you delete an API key, it becomes invalid right away.

Creating an API Key

You can create up to 30 API keys. An API key is displayed only once after being created. Copy and keep it secure. If the key is lost, create a new API key.

  1. Log in to the MaaS console and select the target region on the top navigation bar.
  2. In the navigation pane, choose Management and Statistics > API Key Management .
  3. On the API Key Management page, click Create API Key, configure the basic information and permission settings, and click OK.

    The tag cannot be modified after the key is created.

    Table 1 Parameters

    Parameter

    Description

    Basic information

    Tag

    Tag of the API key. The tag must be unique. The tag can contain 1 to 100 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed.

    Description

    Description of the custom API key. The value can contain 1 to 100 characters.

    Permission Settings

    Scope of Authority

    You can select All (unrestricted access to all resources) or Customize (access to specified resources). The default value is All.

    IP Address Whitelist

    This parameter can be configured when Scope of Authority is set to Customize.

    After this function is enabled, only IP addresses in the whitelist can be used to call model services. IPv4 CIDR blocks are supported. Enter an IPv4 CIDR block and press Enter. A maximum of 100 addresses can be entered. IPv4 example:
    • 192.168.1.1
    • 192.168.1.10-192.168.1.100
    • 192.168.10.0/24
    Figure 1 IP address whitelist

    Model Service Access Scope

    This parameter can be configured when Scope of Authority is set to Customize.

    You can select Built-in Services or Endpoint.

    NOTE:

    To use built-in services and endpoints, submit a service ticket.

    • Built-in Services: The API key restricts access to selected models and versions when making calls using the model parameter. The system automatically includes all current and future built-in services and their versions. Choose specific ones if needed.
    • Endpoint: The system automatically includes all current and future endpoints. Choose specific ones if needed. For details about how to create an endpoint, see Creating an Endpoint.
  4. In the displayed dialog box, read the message carefully, copy the key and save it to a secure location, and click Saved. Confirm and Close.
    Figure 2 Saving an API key

    After you close the dialog box, the key cannot be viewed again. Once you create the API key, it appears on the API Key Management page. The system shows only the first and last four characters by default.

    Figure 3 API key

Editing an API Key

Once an API key is created, its tag remains fixed. You can adjust other settings as needed. Modifying the permission may cause authentication failures for some model services and endpoints. Confirm the impact before performing the operation.

  1. Log in to the MaaS console and select the target region on the top navigation bar.
  2. In the navigation pane, choose Management and Statistics > API Key Management .
  3. In the Operation column of the target API key, click Edit.
  4. In the displayed dialog box, modify the basic information and permission settings as required, and click OK.

    For details, see Table 1.

  5. In the Edit API Key? dialog box, enter YES and click OK.

    After an API key is updated, changes will take effect in 5 minutes.

Deleting an API Key

If you reach the API key limit or if a key is leaked or lost, delete unused API keys. Deleting the API key will permanently remove it and prevent its use or retrieval. Exercise caution when performing this operation.

  1. Log in to the MaaS console and select the target region on the top navigation bar.
  2. In the navigation pane, choose Management and Statistics > API Key Management .
  3. Click Delete on the right of the target API key.
  4. In the Delete API Key dialog box, click OK.

FAQs

  1. How long does it take for an API key to become valid after it is created?

    An API key becomes valid a few minutes after creation.

  2. Can I use an API key across regions?

    API keys work only in their specific region. For example, an API key created in the CN-Hong Kong region can only be used in this region.