Access keys
Access keys authenticate the use of Privatemode in the proxy, apps, and supported clients. They're essentially API keys. They aren't cryptographic keys and the security of your prompts doesn't depend on them.
Create an access key
In the portal, open Access keys and create a new key. You can set:
- a name
- an optional comment
- an expiration date
- optional custom limits
To prevent misuse, you should store newly generated access keys securely. If someone gets hold of your access key, they can use Privatemode at your cost. However, they won't be able to see your prompts or data.
Key expiration
Access keys can expire. Use expiration dates when:
- granting temporary access
- testing integrations
- reducing long-lived credential risk
If a key is close to expiration, rotate it before it stops working.
Advanced limits
The portal supports optional per-key limits such as:
- prompt tokens per minute
- completion tokens per minute
- requests per minute
- monthly prompt token limits
- monthly completion token limits
- monthly audio minute limits
If these aren't set, the organization defaults apply.
Web app access keys
If you've used the Privatemode web app before, you may see a special key named chat.privatemode.ai. This key is used implicitly by the Privatemode web app for your organization. In most cases, you don't need to handle it directly during normal web app use. The main reason it appears on the access keys page is so you can rotate or replace it when needed.
Rotation and deletion
Rotate keys regularly and delete keys that are no longer needed. A typical rotation flow is:
- Create a replacement key
- Update the consuming app or proxy
- Verify traffic works
- Delete the old key
Use an access key
You can use an access key with:
- the Privatemode proxy
- the Privatemode web app, where the special web app key is used implicitly for your organization