Authentication

How authentication works in NemoRouter

Every request to the NemoRouter API requires authentication via an API key. This page covers how keys work, how to use them, and security best practices.

API Key Format

NemoRouter API keys follow this format:

sk-nemo-xxxxxxxxxxxxxxxxxxxx

Keys are prefixed with sk-nemo- so you can easily identify them in your codebase. After creation, your full key is shown exactly once — copy it immediately and store it securely. The dashboard only displays the key name and last 4 characters afterward.

Using Your API Key

Pass your API key in the Authorization header as a Bearer token:

curl https://api.nemorouter.ai/v1/chat/completions \
  -H "Authorization: Bearer $NEMOROUTER_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"model": "gpt-4o", "messages": [{"role": "user", "content": "Hello"}]}'

In Python with the OpenAI SDK:

import os

from openai import OpenAI

client = OpenAI(
    # Read the key from the environment instead of hardcoding it
    api_key=os.environ["NEMOROUTER_API_KEY"],
    base_url="https://api.nemorouter.ai/v1",
)

In Node.js:

import OpenAI from "openai";

const client = new OpenAI({
  apiKey: process.env.NEMOROUTER_API_KEY,
  baseURL: "https://api.nemorouter.ai/v1",
});

Environment Variables

Store your API key as an environment variable rather than hardcoding it:

# .env file
NEMOROUTER_API_KEY=sk-nemo-your-key-here

The standard environment variable name is NEMOROUTER_API_KEY (no underscore between "Nemo" and "Router"), following the same convention as OPENAI_API_KEY and ANTHROPIC_API_KEY.

Creating API Keys

The Create Key modal is reached from /[organization]/keys → Create Key.

  1. Navigate to the API Keys page in your NemoRouter dashboard
  2. Click Create Key
  3. Give your key a descriptive name (e.g., "production-backend", "staging-ci")
  4. Optionally assign the key to a specific team
  5. Optionally set a budget limit for this key
  6. Copy the full key immediately — it will not be shown again

Key Properties

Each API key has the following properties:

Property    | Description
Key Name    | A human-readable label (e.g., "production-backend")
Key Alias   | The display format shown in dashboard: sk-...last4
Team        | Optional team assignment for scoped permissions
Budget      | Optional spending limit attached to this key
Rate Limits | RPM (requests per minute) and TPM (tokens per minute)
Spend       | Cumulative spend tracked automatically per key
Status      | Active or revoked

Per-Key Tracking

Every API key tracks its own usage independently:

  • Spend tracking — Each request's cost is recorded against the specific key used
  • Rate limiting — RPM and TPM limits are enforced per key
  • Budget enforcement — Keys with budgets are blocked when the limit is reached
  • Request logs — Every request is logged with the key alias for auditability

This means you can create separate keys for different environments, teams, or applications and track their usage independently.

Revoking Keys

To revoke a key:

  1. Go to the API Keys page
  2. Find the key you want to revoke
  3. Click the delete action
  4. Confirm the revocation

Revoked keys are immediately rejected on all subsequent requests. Any in-flight requests using the key will complete, but no new requests will be accepted.

Security Best Practices

Do

  • Store keys in environment variables or a secrets manager (AWS Secrets Manager, HashiCorp Vault, etc.)
  • Use different keys for different environments (development, staging, production)
  • Set budget limits on keys to prevent runaway costs
  • Rotate keys periodically and revoke unused keys
  • Use descriptive key names so you can identify their purpose

Do Not

  • Hardcode keys in source code
  • Commit keys to version control (add .env to .gitignore)
  • Share keys between unrelated applications
  • Use a single key for your entire organization — create per-team or per-service keys
  • Log or display full API keys in your application

Example .gitignore

# Environment variables
.env
.env.local
.env.production
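
A .gitignore only covers files, so a key pasted into source or written to a log still leaks. The following is an added example, not NemoRouter code: it finds sk-nemo- literals in source text and reduces keys in log output to the dashboard alias form. The character set and minimum length in the pattern are assumptions (the page documents only the prefix), and all function and class names are hypothetical.

```python
import logging
import re

# Assumption: the page documents only the "sk-nemo-" prefix; the body
# character set and the 16-character minimum are guesses for illustration.
KEY_RE = re.compile(r"sk-nemo-[A-Za-z0-9_-]{16,}")


def to_alias(key: str) -> str:
    """Reduce a full key to the dashboard-style alias: sk-...last4."""
    return "sk-..." + key[-4:]


def redact(text: str) -> str:
    """Replace every full key found in text with its alias."""
    return KEY_RE.sub(lambda m: to_alias(m.group(0)), text)


class RedactKeys(logging.Filter):
    """Logging filter that redacts keys from the formatted message."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()  # the message is already formatted
        return True


def find_hardcoded_keys(source: str) -> list[tuple[int, str]]:
    """Return (line number, alias) for each key literal in source text."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            hits.append((lineno, to_alias(match.group(0))))
    return hits


# Constructed sample input: not a real key.
SAMPLE_KEY = "sk-nemo-" + "A1b2C3d4E5f6G7h8I9j0"
SAMPLE_SOURCE = (
    "import os\n"
    f'client = OpenAI(api_key="{SAMPLE_KEY}")\n'
    'other = os.environ["NEMOROUTER_API_KEY"]\n'
)

if __name__ == "__main__":
    print(find_hardcoded_keys(SAMPLE_SOURCE))
    print(redact(f"Authorization: Bearer {SAMPLE_KEY}"))
```

Attach the filter with `handler.addFilter(RedactKeys())` and run `find_hardcoded_keys` over staged files in a pre-commit hook or CI job.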

Example with a Secrets Manager

import boto3
from openai import OpenAI

# Fetch key from AWS Secrets Manager
secrets = boto3.client("secretsmanager")
secret = secrets.get_secret_value(SecretId="nemorouter/api-key")
api_key = secret["SecretString"]

client = OpenAI(
    api_key=api_key,
    base_url="https://api.nemorouter.ai/v1",
)

Error Responses

Authentication errors return standard HTTP status codes:

Status                | Meaning                    | Common Cause
401 Unauthorized      | Invalid or missing API key | Key is wrong, missing, or revoked
403 Forbidden         | Key lacks permission       | Key doesn't have access to the requested resource
429 Too Many Requests | Rate limit exceeded        | Too many requests for this key's RPM/TPM limit

Example error response:

{
  "error": {
    "message": "Invalid API key provided.",
    "type": "authentication_error",
    "code": "invalid_api_key"
  }
}
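
The three statuses call for different client behaviour: a 401 or 403 will not fix itself, so retrying a revoked key only adds noise to the request logs, while a 429 clears once the per-key window resets. The following is an added example, not part of the NemoRouter SDK: it parses the error envelope shown above and applies that policy. The names `NemoRouterError`, `parse_error` and `call_with_policy`, the backoff schedule, and the `send` callable (any function returning a status and body) are assumptions.

```python
import json
import time

RETRYABLE = {429}  # rate limit exceeded: wait, then try again


class NemoRouterError(Exception):
    """Carries the HTTP status and the error code from the response body."""

    def __init__(self, status, code, message):
        super().__init__(f"{status} {code}: {message}")
        self.status, self.code = status, code


def parse_error(body: str):
    """Extract (code, message) from the error envelope; tolerate other bodies."""
    try:
        err = json.loads(body)["error"]
        return err.get("code", "unknown"), err.get("message", "")
    except (ValueError, KeyError, TypeError, AttributeError):
        return "unknown", ""


def call_with_policy(send, max_attempts=4, base_delay=1.0, sleep=time.sleep):
    """send() -> (status, body). Back off on 429; fail fast on everything else."""
    for attempt in range(max_attempts):
        status, body = send()
        if status < 400:
            return body
        code, message = parse_error(body)
        if status in RETRYABLE and attempt < max_attempts - 1:
            sleep(base_delay * 2 ** attempt)  # 1s, 2s, 4s, ...
            continue
        # 401/403 (and any other error): surface immediately, never retry
        raise NemoRouterError(status, code, message)


# The example error response from this page, used as sample input.
INVALID_KEY_BODY = json.dumps({"error": {
    "message": "Invalid API key provided.",
    "type": "authentication_error",
    "code": "invalid_api_key",
}})

if __name__ == "__main__":
    try:
        call_with_policy(lambda: (401, INVALID_KEY_BODY))
    except NemoRouterError as exc:
        print("not retried:", exc)
```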
