Unkey — API Key Management
You are an expert in Unkey, the open-source API key management platform. You help developers create, validate, and manage API keys with built-in rate limiting, usage tracking, temporary keys, key rotation, and per-key permissions — providing the complete API authentication layer for developer platforms, SaaS APIs, and internal services without building custom key infrastructure.
Best use case
Unkey — API Key Management is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
You are an expert in Unkey, the open-source API key management platform. You help developers create, validate, and manage API keys with built-in rate limiting, usage tracking, temporary keys, key rotation, and per-key permissions — providing the complete API authentication layer for developer platforms, SaaS APIs, and internal services without building custom key infrastructure.
Teams using Unkey — API Key Management should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/unkey/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How Unkey — API Key Management Compares
| Feature / Agent | Unkey — API Key Management | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
You are an expert in Unkey, the open-source API key management platform. You help developers create, validate, and manage API keys with built-in rate limiting, usage tracking, temporary keys, key rotation, and per-key permissions — providing the complete API authentication layer for developer platforms, SaaS APIs, and internal services without building custom key infrastructure.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Unkey — API Key Management
You are an expert in Unkey, the open-source API key management platform. You help developers create, validate, and manage API keys with built-in rate limiting, usage tracking, temporary keys, key rotation, and per-key permissions — providing the complete API authentication layer for developer platforms, SaaS APIs, and internal services without building custom key infrastructure.
## Core Capabilities
### Key Management
```typescript
import { Unkey } from "@unkey/api";
const unkey = new Unkey({ rootKey: process.env.UNKEY_ROOT_KEY! });
// Create API key for a customer
const { result } = await unkey.keys.create({
apiId: process.env.UNKEY_API_ID!,
prefix: "sk_live", // Key prefix for identification
name: "Acme Corp Production Key",
ownerId: "customer-42", // Link to your user
meta: { // Custom metadata
plan: "pro",
team: "engineering",
},
roles: ["api.read", "api.write"], // RBAC permissions
ratelimit: {
type: "fast",
limit: 100, // 100 requests
duration: 60000, // Per minute
},
remaining: 10000, // Total usage limit (optional)
expires: Date.now() + 30 * 24 * 60 * 60 * 1000, // 30 days (optional)
});
console.log(result.key); // sk_live_abc123... (show once!)
console.log(result.keyId); // key_xxx (for management)
```
### Key Verification (in your API)
```typescript
import { verifyKey } from "@unkey/api";
// Middleware — verify API key on every request
async function authMiddleware(req: Request) {
const key = req.headers.get("Authorization")?.replace("Bearer ", "");
if (!key) return new Response("Missing API key", { status: 401 });
const { result, error } = await verifyKey({
key,
apiId: process.env.UNKEY_API_ID!,
});
if (error || !result.valid) {
return new Response(JSON.stringify({
error: "Invalid API key",
code: result?.code, // "NOT_FOUND" | "RATE_LIMITED" | "USAGE_EXCEEDED" | "EXPIRED"
}), { status: result?.code === "RATE_LIMITED" ? 429 : 403 });
}
// Key is valid — access metadata
const { ownerId, meta, roles, remaining, ratelimit } = result;
console.log(`Customer: ${ownerId}, Plan: ${meta.plan}, Remaining: ${remaining}`);
// Check permissions
if (!roles.includes("api.write") && req.method !== "GET") {
return new Response("Insufficient permissions", { status: 403 });
}
// Rate limit info in response headers
return {
ownerId,
meta,
headers: {
"X-RateLimit-Limit": String(ratelimit?.limit),
"X-RateLimit-Remaining": String(ratelimit?.remaining),
"X-RateLimit-Reset": String(ratelimit?.reset),
},
};
}
```
### Key Lifecycle
```typescript
// Update key (change limits, roles)
await unkey.keys.update({
keyId: "key_xxx",
ratelimit: { type: "fast", limit: 500, duration: 60000 }, // Upgrade limit
roles: ["api.read", "api.write", "api.admin"],
meta: { plan: "enterprise" },
});
// Revoke key
await unkey.keys.delete({ keyId: "key_xxx" });
// List keys for a customer
const { result: keys } = await unkey.apis.listKeys({
apiId: process.env.UNKEY_API_ID!,
ownerId: "customer-42",
});
// Usage analytics
const { result: verifications } = await unkey.keys.getVerifications({
keyId: "key_xxx",
start: Date.now() - 7 * 24 * 60 * 60 * 1000, // Last 7 days
end: Date.now(),
granularity: "day",
});
```
## Installation
```bash
npm install @unkey/api
```
## Best Practices
1. **Prefix keys** — Use `sk_live_`, `sk_test_` prefixes; identifies key type at a glance
2. **Rate limiting built-in** — Set per-key rate limits at creation; Unkey enforces at verify time
3. **Usage limits** — Set `remaining` for prepaid/quota models; key auto-invalidates when exhausted
4. **RBAC roles** — Assign roles to keys; check in your middleware; scope access per endpoint
5. **Key rotation** — Create new key, update client, revoke old; zero-downtime rotation
6. **Metadata** — Store plan, team, environment in `meta`; use for analytics and feature flags
7. **Expiring keys** — Set `expires` for trial keys, temporary access; auto-expire without cron
8. **Self-hostable** — Run Unkey on your own infrastructure for data sovereignty; open-sourceRelated Skills
MCP Configuration Management
## Overview
cursor-context-management
Optimize context window usage in Cursor with @-mentions, context pills, and conversation strategy. Triggers on "cursor context", "context window", "context limit", "cursor memory", "context management", "@-mentions", "context pills".
cursor-api-key-management
Configure BYOK API keys for OpenAI, Anthropic, Google, Azure, and custom models in Cursor. Triggers on "cursor api key", "cursor openai key", "cursor anthropic key", "own api key cursor", "BYOK cursor", "cursor azure key".
../../../agents/project-management/cs-project-manager.md
No description provided.
../../../project-management/confluence-expert/SKILL.md
No description provided.
../../../c-level-advisor/change-management/SKILL.md
No description provided.
../../../project-management/atlassian-templates/SKILL.md
No description provided.
../../../project-management/atlassian-admin/SKILL.md
No description provided.
track-management
Use this skill when creating, managing, or working with Conductor tracks - the logical work units for features, bugs, and refactors. Applies to spec.md, plan.md, and track lifecycle operations.
server-management
Server management principles and decision-making. Process management, monitoring strategy, and scaling decisions. Teaches thinking, not commands.
secrets-management
Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.
monorepo-management
Master monorepo management with Turborepo, Nx, and pnpm workspaces to build efficient, scalable multi-package repositories with optimized builds and dependency management. Use when setting up monorepos, optimizing builds, or managing shared dependencies.