API Key Management
Secure and efficient management of your DeepSeek API keys is crucial for maintaining the security and performance of your applications. This guide covers everything you need to know about creating, managing, and securing your API keys.
Overview
API keys are the primary method for authenticating requests to the DeepSeek API. Each key provides access to your account's resources and should be treated as sensitive credentials.
Key Features
- Secure Authentication: Industry-standard security practices
- Granular Permissions: Control access to specific features and models
- Usage Monitoring: Track API usage and costs in real-time
- Rate Limiting: Configurable limits to prevent abuse
- Automatic Rotation: Support for key rotation and lifecycle management
Creating API Keys
Step 1: Access the Dashboard
- Log in to your DeepSeek Platform account
- Navigate to the API Keys section in the sidebar
- Click "Create New API Key"
Step 2: Configure Key Settings
Basic Settings
Key Name: my-production-app
Description: Production API key for web application
Environment: ProductionPermissions
Select the specific permissions your application needs:
- Chat Completions: Access to conversational AI models
- Code Generation: Access to coding assistance models
- Image Processing: Access to vision and image models
- Audio Processing: Access to audio and speech models
- Embeddings: Access to text embedding models
- File Operations: Upload and manage files
- Fine-tuning: Create and manage custom models
Rate Limits
Configure usage limits to prevent unexpected costs:
Requests per minute: 1000
Tokens per minute: 100000
Monthly spending limit: $500Step 3: Generate and Store
- Click "Generate Key"
- Copy the key immediately - it will only be shown once
- Store the key securely (see Security Best Practices)
Key Types and Scopes
Production Keys
- Full access to all enabled features
- Higher rate limits
- Suitable for production applications
- Enhanced monitoring and alerting
Development Keys
- Limited rate limits
- Access to development models
- Suitable for testing and development
- Lower cost per request
Restricted Keys
- Limited to specific models or features
- Custom rate limits
- Ideal for third-party integrations
- Enhanced security controls
Managing Existing Keys
Viewing Key Information
bash
# Using the DeepSeek CLI
deepseek keys list
# Example output
ID NAME STATUS CREATED LAST_USED
key_abc123 production-app active 2024-01-15 2024-03-15
key_def456 development-test active 2024-02-01 2024-03-14
key_ghi789 mobile-app inactive 2024-01-20 2024-02-28Key Details Dashboard
Access detailed information about each key:
- Usage Statistics: Request counts, token usage, error rates
- Cost Analysis: Spending breakdown by model and feature
- Security Events: Authentication attempts and security alerts
- Performance Metrics: Response times and success rates
Updating Key Settings
Modify Permissions
python
from deepseek import DeepSeekClient
# Update key permissions via API
client = DeepSeekClient(api_key="your-admin-key")
client.keys.update(
key_id="key_abc123",
permissions=["chat", "code", "embeddings"],
rate_limits={
"requests_per_minute": 2000,
"tokens_per_minute": 200000
}
)Change Rate Limits
python
# Update rate limits
client.keys.update_limits(
key_id="key_abc123",
limits={
"requests_per_minute": 1500,
"tokens_per_minute": 150000,
"monthly_spending_limit": 750
}
)Security Best Practices
1. Secure Storage
Environment Variables
bash
# .env file
DEEPSEEK_API_KEY=your_api_key_here
DEEPSEEK_ENVIRONMENT=production
# Never commit .env files to version control
echo ".env" >> .gitignoreCloud Secret Management
python
# AWS Secrets Manager
import boto3
import json
def get_api_key():
client = boto3.client('secretsmanager', region_name='us-east-1')
response = client.get_secret_value(SecretId='deepseek/api-key')
secret = json.loads(response['SecretString'])
return secret['api_key']
# Azure Key Vault
from azure.keyvault.secrets import SecretClient
from azure.identity import DefaultAzureCredential
def get_api_key_azure():
credential = DefaultAzureCredential()
client = SecretClient(
vault_url="https://your-vault.vault.azure.net/",
credential=credential
)
secret = client.get_secret("deepseek-api-key")
return secret.value
# Google Secret Manager
from google.cloud import secretmanager
def get_api_key_gcp():
client = secretmanager.SecretManagerServiceClient()
name = "projects/your-project/secrets/deepseek-api-key/versions/latest"
response = client.access_secret_version(request={"name": name})
return response.payload.data.decode("UTF-8")2. Key Rotation
Automated Rotation
python
import schedule
import time
from datetime import datetime, timedelta
class APIKeyRotator:
def __init__(self, admin_client):
self.admin_client = admin_client
self.rotation_interval = 90 # days
def rotate_key(self, key_id):
"""Rotate an API key"""
try:
# Create new key with same permissions
old_key_info = self.admin_client.keys.get(key_id)
new_key = self.admin_client.keys.create(
name=f"{old_key_info.name}-rotated",
permissions=old_key_info.permissions,
rate_limits=old_key_info.rate_limits
)
# Update applications with new key
self.update_applications(new_key.key)
# Deactivate old key after grace period
schedule.every(7).days.do(
self.deactivate_key,
key_id
).tag(f'deactivate-{key_id}')
return new_key
except Exception as e:
print(f"Key rotation failed: {e}")
# Implement alerting
self.send_alert(f"Key rotation failed for {key_id}: {e}")
def update_applications(self, new_key):
"""Update applications with new API key"""
# Update environment variables, secret managers, etc.
# This depends on your deployment strategy
pass
def deactivate_key(self, key_id):
"""Deactivate old key"""
self.admin_client.keys.deactivate(key_id)
schedule.clear(f'deactivate-{key_id}')
def send_alert(self, message):
"""Send alert for key rotation issues"""
# Implement your alerting mechanism
pass
# Schedule automatic rotation
rotator = APIKeyRotator(admin_client)
schedule.every(90).days.do(rotator.rotate_key, "key_abc123")
while True:
schedule.run_pending()
time.sleep(3600) # Check every hour3. Access Control
IP Whitelisting
python
# Configure IP restrictions
client.keys.update_security(
key_id="key_abc123",
allowed_ips=[
"203.0.113.0/24", # Office network
"198.51.100.50", # Production server
"192.0.2.100" # Backup server
]
)Referrer Restrictions
python
# Restrict usage to specific domains
client.keys.update_security(
key_id="key_abc123",
allowed_referrers=[
"https://yourdomain.com/*",
"https://api.yourdomain.com/*"
]
)4. Monitoring and Alerting
Usage Monitoring
python
class KeyMonitor:
def __init__(self, client):
self.client = client
def check_usage_anomalies(self, key_id):
"""Monitor for unusual usage patterns"""
usage = self.client.keys.get_usage(
key_id=key_id,
period="24h"
)
# Check for anomalies
if usage.requests > usage.average_requests * 2:
self.send_alert(f"Unusual request volume for key {key_id}")
if usage.error_rate > 0.1: # 10% error rate
self.send_alert(f"High error rate for key {key_id}")
if usage.cost > usage.daily_budget:
self.send_alert(f"Budget exceeded for key {key_id}")
def send_alert(self, message):
"""Send monitoring alert"""
# Implement your alerting system
print(f"ALERT: {message}")
# Run monitoring
monitor = KeyMonitor(client)
schedule.every(1).hours.do(monitor.check_usage_anomalies, "key_abc123")Security Event Monitoring
python
def monitor_security_events(key_id):
"""Monitor security events for a key"""
events = client.keys.get_security_events(
key_id=key_id,
since="24h"
)
for event in events:
if event.type == "unauthorized_access":
send_security_alert(f"Unauthorized access attempt for key {key_id}")
elif event.type == "rate_limit_exceeded":
send_security_alert(f"Rate limit exceeded for key {key_id}")
elif event.type == "suspicious_pattern":
send_security_alert(f"Suspicious usage pattern for key {key_id}")
def send_security_alert(message):
"""Send security alert"""
# Implement immediate alerting for security events
print(f"SECURITY ALERT: {message}")Usage Tracking and Analytics
Real-time Usage Dashboard
python
import matplotlib.pyplot as plt
import pandas as pd
from datetime import datetime, timedelta
class UsageDashboard:
def __init__(self, client):
self.client = client
def get_usage_data(self, key_id, days=30):
"""Get usage data for visualization"""
end_date = datetime.now()
start_date = end_date - timedelta(days=days)
usage = self.client.keys.get_detailed_usage(
key_id=key_id,
start_date=start_date,
end_date=end_date,
granularity="daily"
)
return pd.DataFrame(usage)
def plot_usage_trends(self, key_id):
"""Create usage trend visualizations"""
df = self.get_usage_data(key_id)
fig, axes = plt.subplots(2, 2, figsize=(15, 10))
# Request volume
axes[0, 0].plot(df['date'], df['requests'])
axes[0, 0].set_title('Daily Requests')
axes[0, 0].set_xlabel('Date')
axes[0, 0].set_ylabel('Requests')
# Token usage
axes[0, 1].plot(df['date'], df['tokens'])
axes[0, 1].set_title('Daily Token Usage')
axes[0, 1].set_xlabel('Date')
axes[0, 1].set_ylabel('Tokens')
# Cost analysis
axes[1, 0].bar(df['date'], df['cost'])
axes[1, 0].set_title('Daily Cost')
axes[1, 0].set_xlabel('Date')
axes[1, 0].set_ylabel('Cost ($)')
# Error rates
axes[1, 1].plot(df['date'], df['error_rate'])
axes[1, 1].set_title('Error Rate')
axes[1, 1].set_xlabel('Date')
axes[1, 1].set_ylabel('Error Rate (%)')
plt.tight_layout()
plt.savefig(f'usage_dashboard_{key_id}.png')
plt.show()
def generate_usage_report(self, key_id):
"""Generate comprehensive usage report"""
df = self.get_usage_data(key_id)
report = {
'total_requests': df['requests'].sum(),
'total_tokens': df['tokens'].sum(),
'total_cost': df['cost'].sum(),
'average_daily_requests': df['requests'].mean(),
'peak_daily_requests': df['requests'].max(),
'average_error_rate': df['error_rate'].mean(),
'cost_per_request': df['cost'].sum() / df['requests'].sum(),
'cost_per_token': df['cost'].sum() / df['tokens'].sum()
}
return report
# Usage
dashboard = UsageDashboard(client)
dashboard.plot_usage_trends("key_abc123")
report = dashboard.generate_usage_report("key_abc123")
print(report)Cost Optimization
python
class CostOptimizer:
def __init__(self, client):
self.client = client
def analyze_model_usage(self, key_id):
"""Analyze usage by model to optimize costs"""
usage = self.client.keys.get_model_usage(key_id=key_id)
recommendations = []
for model_usage in usage:
model = model_usage['model']
cost = model_usage['cost']
requests = model_usage['requests']
# Check if cheaper alternatives are available
if model == 'deepseek-chat' and requests < 1000:
recommendations.append({
'type': 'model_downgrade',
'message': f'Consider using deepseek-lite for low-volume usage',
'potential_savings': cost * 0.3
})
# Check for batch processing opportunities
if model_usage['average_tokens_per_request'] < 100:
recommendations.append({
'type': 'batch_processing',
'message': f'Consider batching small requests for {model}',
'potential_savings': cost * 0.15
})
return recommendations
def suggest_rate_limit_optimization(self, key_id):
"""Suggest optimal rate limits based on usage patterns"""
usage = self.client.keys.get_usage_patterns(key_id=key_id)
suggestions = {
'requests_per_minute': max(usage['peak_requests_per_minute'] * 1.2, 100),
'tokens_per_minute': max(usage['peak_tokens_per_minute'] * 1.2, 10000),
'reasoning': 'Based on peak usage with 20% buffer'
}
return suggestions
# Usage
optimizer = CostOptimizer(client)
recommendations = optimizer.analyze_model_usage("key_abc123")
rate_suggestions = optimizer.suggest_rate_limit_optimization("key_abc123")Troubleshooting
Common Issues
1. Authentication Errors
python
def diagnose_auth_error(api_key):
"""Diagnose authentication issues"""
try:
client = DeepSeekClient(api_key=api_key)
response = client.models.list()
print("✓ API key is valid and working")
return True
except AuthenticationError as e:
if "invalid" in str(e).lower():
print("✗ API key is invalid")
print("Solutions:")
print("1. Check if the key was copied correctly")
print("2. Verify the key hasn't been deactivated")
print("3. Generate a new key if necessary")
elif "expired" in str(e).lower():
print("✗ API key has expired")
print("Solutions:")
print("1. Generate a new API key")
print("2. Update your application configuration")
return False
except Exception as e:
print(f"✗ Unexpected error: {e}")
return False
# Usage
diagnose_auth_error("your-api-key")2. Rate Limit Issues
python
def diagnose_rate_limits(key_id):
"""Diagnose rate limiting issues"""
try:
limits = client.keys.get_rate_limits(key_id)
usage = client.keys.get_current_usage(key_id)
print(f"Current Usage:")
print(f" Requests: {usage.requests}/{limits.requests_per_minute} per minute")
print(f" Tokens: {usage.tokens}/{limits.tokens_per_minute} per minute")
if usage.requests >= limits.requests_per_minute * 0.9:
print("⚠️ Approaching request rate limit")
print("Solutions:")
print("1. Implement request queuing")
print("2. Increase rate limits")
print("3. Use multiple API keys")
if usage.tokens >= limits.tokens_per_minute * 0.9:
print("⚠️ Approaching token rate limit")
print("Solutions:")
print("1. Reduce response length (max_tokens)")
print("2. Optimize prompts")
print("3. Increase token limits")
except Exception as e:
print(f"Error checking rate limits: {e}")
# Usage
diagnose_rate_limits("key_abc123")3. Permission Issues
python
def check_permissions(key_id, required_permissions):
"""Check if key has required permissions"""
try:
key_info = client.keys.get(key_id)
current_permissions = set(key_info.permissions)
required_permissions = set(required_permissions)
missing_permissions = required_permissions - current_permissions
if missing_permissions:
print(f"✗ Missing permissions: {missing_permissions}")
print("Solutions:")
print("1. Update key permissions in dashboard")
print("2. Create a new key with required permissions")
print("3. Use a different key with appropriate permissions")
return False
else:
print("✓ All required permissions are available")
return True
except Exception as e:
print(f"Error checking permissions: {e}")
return False
# Usage
check_permissions("key_abc123", ["chat", "code", "embeddings"])Health Check Implementation
python
class APIKeyHealthCheck:
def __init__(self, client):
self.client = client
def comprehensive_health_check(self, key_id):
"""Perform comprehensive health check"""
results = {
'overall_status': 'healthy',
'checks': []
}
# Check 1: Basic connectivity
try:
self.client.models.list()
results['checks'].append({
'name': 'connectivity',
'status': 'pass',
'message': 'API connectivity successful'
})
except Exception as e:
results['checks'].append({
'name': 'connectivity',
'status': 'fail',
'message': f'Connectivity failed: {e}'
})
results['overall_status'] = 'unhealthy'
# Check 2: Rate limits
try:
usage = self.client.keys.get_current_usage(key_id)
limits = self.client.keys.get_rate_limits(key_id)
request_utilization = usage.requests / limits.requests_per_minute
token_utilization = usage.tokens / limits.tokens_per_minute
if request_utilization > 0.8 or token_utilization > 0.8:
results['checks'].append({
'name': 'rate_limits',
'status': 'warning',
'message': 'High rate limit utilization'
})
if results['overall_status'] == 'healthy':
results['overall_status'] = 'warning'
else:
results['checks'].append({
'name': 'rate_limits',
'status': 'pass',
'message': 'Rate limits healthy'
})
except Exception as e:
results['checks'].append({
'name': 'rate_limits',
'status': 'fail',
'message': f'Rate limit check failed: {e}'
})
results['overall_status'] = 'unhealthy'
# Check 3: Recent errors
try:
errors = self.client.keys.get_recent_errors(key_id, hours=1)
error_rate = len(errors) / max(usage.requests, 1)
if error_rate > 0.05: # 5% error rate
results['checks'].append({
'name': 'error_rate',
'status': 'warning',
'message': f'High error rate: {error_rate:.2%}'
})
if results['overall_status'] == 'healthy':
results['overall_status'] = 'warning'
else:
results['checks'].append({
'name': 'error_rate',
'status': 'pass',
'message': 'Error rate normal'
})
except Exception as e:
results['checks'].append({
'name': 'error_rate',
'status': 'fail',
'message': f'Error rate check failed: {e}'
})
return results
def generate_health_report(self, key_id):
"""Generate detailed health report"""
health = self.comprehensive_health_check(key_id)
print(f"API Key Health Report - {key_id}")
print(f"Overall Status: {health['overall_status'].upper()}")
print("-" * 50)
for check in health['checks']:
status_icon = {
'pass': '✓',
'warning': '⚠️',
'fail': '✗'
}.get(check['status'], '?')
print(f"{status_icon} {check['name']}: {check['message']}")
return health
# Usage
health_checker = APIKeyHealthCheck(client)
health_report = health_checker.generate_health_report("key_abc123")Best Practices Summary
Security Checklist
- [ ] Store API keys in secure environment variables or secret managers
- [ ] Never commit API keys to version control
- [ ] Implement key rotation policies
- [ ] Use IP whitelisting where possible
- [ ] Monitor for unusual usage patterns
- [ ] Set up security event alerting
- [ ] Use least-privilege permissions
- [ ] Implement proper error handling
Performance Checklist
- [ ] Set appropriate rate limits
- [ ] Implement retry logic with exponential backoff
- [ ] Use connection pooling for high-volume applications
- [ ] Monitor and optimize token usage
- [ ] Cache responses where appropriate
- [ ] Use streaming for long responses
- [ ] Implement request queuing for rate limit management
Monitoring Checklist
- [ ] Track usage metrics and costs
- [ ] Set up budget alerts
- [ ] Monitor error rates and response times
- [ ] Implement health checks
- [ ] Create usage dashboards
- [ ] Set up automated reporting
- [ ] Monitor security events
Support and Resources
Documentation
- API Reference - Complete API documentation
- SDK Documentation - Language-specific guides
- Security Guide - Comprehensive security practices
Tools and Utilities
- DeepSeek CLI - Command-line interface
- Key Management Scripts - Automation scripts
- Monitoring Templates - Dashboard templates
Support Channels
- Technical Support - Direct technical assistance
- Community Forum - Community discussions
- Status Page - Service status and incidents
- Security Contact - Security-related issues
Proper API key management is essential for secure and efficient use of DeepSeek AI. Follow these guidelines to ensure your applications remain secure, performant, and cost-effective.