https://gateway.ngrok.ai. Send it with every request—the gateway uses it to verify who is calling and whether the request is allowed through.
Access keys vs provider keys
The AI Gateway splits authentication into two credentials so your application never handles upstream secrets.| Access key | Provider key | |
|---|---|---|
| What it is | The credential your app sends to the gateway | An upstream API key for OpenAI, Anthropic, or another provider |
| Where it lives | In your application | In app.ngrok.ai, attached through an access key configuration |
| Who uses it | Your code, as the SDK’s api_key | The AI Gateway, injected server-side on each request |
Use in your application
Create and manage keys
Create a separate key per application or team so you can revoke one client without affecting others.Via the ngrok dashboard
- Open app.ngrok.ai → Keys.
- Click New access key.
- Enter a name and optionally assign a configuration.
- Copy the token immediately—it’s only shown once.
Via the AI Gateway API
- Create an AI Gateway API key.
- Send a request to the Access Keys API, authorized with that key:
Things to know
Your key token is only shown once
When you create a key, the token (starting withng-) is displayed exactly once. If you lose it, delete the key and create a new one.
Requests require credits
Every request consumes credits for ngrok’s processing fee. When ngrok.ai inference handles built-in OpenAI or Anthropic, credits also cover model cost. When you bring your own key, upstream costs go to your provider account. When your balance reaches zero, new requests fail until you purchase more credits.Invalid keys are rejected
Malformed or deleted access keys are rejected immediately with a401 Unauthorized. See Error Codes to look up that and other gateway responses.
Credentials overview
| Credential | What it’s for |
|---|---|
| ngrok.ai access keys | Authenticate AI requests to gateway.ngrok.ai (required) |
| ngrok.ai API keys | Automate AI Gateway resources via api.ngrok.ai |
| ngrok API keys | Manage ngrok platform resources via the ngrok API |
| Your provider keys | Upstream credentials. See Bring your own provider key |
Next steps
Access Key Configurations
Scope providers and route traffic per key
Bring your own provider key
Store upstream credentials
Securing Your Gateway
Per-client keys and revocation
Credits
How usage is billed