API key safety

Rotate OpenAI-compatible gateway keys without breaking apps

TKEN keys should be treated like production secrets. Use a staged rotation process so your SDKs, LiteLLM proxy, Open WebUI instance or coding-assistant setup can move to a new key with a rollback path.

Server-side secret, never public
# .env.production or deployment secret store
TKEN_API_KEY="new-key-from-console"
TKEN_BASE_URL="https://www.tken.shop/v1"

# quick smoke test after rollout
# (run from a shell with the two variables above loaded, not from the .env file itself)
curl "$TKEN_BASE_URL/models" \
  -H "Authorization: Bearer $TKEN_API_KEY"

Create new key before revoking old key
Smoke test one low-risk environment first
Redact keys from logs and support tickets

Rotation sequence

The goal is to prove the new key works before removing the old one. Keep rollback simple and avoid changing model routes, pricing settings or app behavior during the same maintenance window.

Base URL: https://www.tken.shop/v1
Secret name: TKEN_API_KEY
First test: /models or one chat request
Rollback: Old key retained until healthy

Key rotation checklist

1. Inventory every consumer

List SDK services, cron jobs, LiteLLM routers, Open WebUI deployments, Continue configs, CI jobs and internal scripts that use the current key.

2. Roll out the new key in stages

Update a test or staging environment first. Run one low-risk request and confirm authentication, model route and latency.

3. Revoke only after production is healthy

After production traffic succeeds with the new key, revoke the old key and watch for authentication failures from forgotten workers.
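
The checklist above as a script, added here as an example and not TKEN's own tooling: it smoke-tests the new key against /models, logs only redacted keys, and reports whether to roll back, revoke the old key, or treat the rotation as complete. TKEN_API_KEY_OLD is a hypothetical variable name for the retained key, and reading 401/403 as "key rejected" is an assumption about the gateway's responses.

```shell
#!/bin/sh
# Added example. TKEN_API_KEY_OLD is a hypothetical name for the retained rollback key.

# Mask a key for logs and tickets: only the last 4 characters survive.
redact_key() {
  if [ "${#1}" -le 8 ]; then printf '****'
  else printf '****%s' "$(printf '%s' "$1" | tail -c 4)"; fi
}

# HTTP status of GET $TKEN_BASE_URL/models for one key; 000 on network failure.
# The header is fed on stdin (-H @-, curl >= 7.55) so the key never appears in
# the process list; printf is a shell builtin.
models_status() {
  status=$(printf 'Authorization: Bearer %s\n' "$1" |
    curl -sS -m 15 -o /dev/null -w '%{http_code}' -H @- \
      "$TKEN_BASE_URL/models" 2>/dev/null) || status=000
  printf '%s' "$status"
}

# Map the two statuses to the next rotation step (assumes 401/403 = key rejected).
rotation_decision() {
  case "$1" in
    200) ;;
    401|403) echo "rollback: new key rejected"; return 1 ;;
    *) echo "retry: gateway returned $1"; return 2 ;;
  esac
  case "$2" in
    200) echo "revoke-old" ;;        # old key still valid: revoke once traffic has moved
    401|403) echo "complete" ;;      # old key already rejected: rotation finished
    *) echo "unknown-old: $2" ;;
  esac
}

# Test both keys, log redacted values to stderr, print the decision on stdout.
check_rotation() {
  new_status=$(models_status "$TKEN_API_KEY")
  old_status=$(models_status "$TKEN_API_KEY_OLD")
  echo "new=$(redact_key "$TKEN_API_KEY") -> $new_status," \
       "old=$(redact_key "$TKEN_API_KEY_OLD") -> $old_status" >&2
  rotation_decision "$new_status" "$old_status"
}

# Runs only when asked for:  sh rotate_check.sh verify
if [ "${1:-}" = "verify" ]; then check_rotation; fi
```

Run it in staging first, then in production, and once more after revoking the old key to confirm the result changes from revoke-old to complete.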

TKEN is an independent third-party API gateway. This checklist is operational guidance, not a provider affiliation claim.

Rotate with a rollback path

Add the new key, test one request, move traffic, then revoke the old key only after the gateway is healthy.