API Keys
How to create, manage, and configure API keys in the Developer Portal.
Creating an API Key
- Sign in to the Developer Portal and navigate to the API Keys page.
- Click Create API Key.
- Fill in the form:
- Key Name — A descriptive name (e.g., "Production — Main App").
- Model Access — Select which services this key can use (see Scopes below).
- Expiration — Choose when the key expires: Never, 30 Days, 60 Days, or 90 Days.
- Click Create Key.
- A dialog will display your full API key. Copy it immediately.
The full API key is shown only once. You will not be able to view it again after closing the dialog.
- Check the "I have saved this API key securely" checkbox, then click Done.
Scopes
Scopes control which API endpoints your key can access. You choose scopes when creating a key.
| Scope | Description | Endpoints |
|---|---|---|
| AI Detector | Detect AI-generated content in text | POST /api/detector/ |
| Image Detector | Detect AI-generated images | POST /api/image-detector/predict/ |
If you call an endpoint that requires a scope your key doesn't have, the request will return 403 Forbidden.
Using Your API Key
Include your key in the X-API-Key header with every request:
curl -X POST https://developer-portal.proofademic.ai/api/detector/ \
-H "Content-Type: application/json" \
-H "X-API-Key: YOUR_API_KEY" \
-d '{"content": "Your text here"}'Managing Keys
The API Keys page shows all your keys in a table:
| Column | Description |
|---|---|
| Name | The name you gave the key |
| Status | Active or Revoked |
| Key | Key prefix (first characters) for identification |
| Created | Date the key was created |
| Scopes | Icons showing which services the key can access |
Revoking a Key
Open the actions menu (⋯) next to the key and select Revoke. Revoked keys are immediately rejected by the API. This action cannot be undone.
Deleting a Key
Open the actions menu (⋯) and select Delete. This permanently removes the key.
Rotating Keys
To rotate a key without downtime:
- Create a new key.
- Update your application to use the new key.
- Verify the new key works.
- Revoke or delete the old key.
Key Status
| Status | Description |
|---|---|
Active | Key is valid and can be used for API requests |
Revoked | Key has been manually revoked and is permanently disabled |
Expired keys (past their expiration date) are also rejected, regardless of status.
Key Limits
The number of active API keys you can have depends on your plan:
| Plan | Max Active Keys |
|---|---|
| Trial | 1 |
| 300K | 5 |
| 1M | 5 |
| 2M | 10 |
| 5M | 10 |
| 12M | 25 |
| 25M | 25 |
If you reach the limit, revoke or delete an existing key before creating a new one.
Key Prefix
API keys are prefixed with prfd_ for easy identification. For example: prfd_abc123.... The prefix is visible in the Key column of the API Keys table.
Security Best Practices
- Never expose keys in client-side code — API keys should only be used in server-side applications.
- Use environment variables — Store keys in env vars or a secrets manager, not in source code.
- One key per environment — Create separate keys for development, staging, and production.
- Set expiration dates — Use expiration for keys that don't need to last indefinitely.
- Revoke unused keys — Regularly audit and revoke keys that are no longer in use.