Stop rebuilding API key management. Use ours.

API key management
in one HTTP call

Your users create API keys in your dashboard. You validate them server-side with a single GET request. Rate limiting, scopes, expiry, and usage logs included.

Start free — 100 keysView docs →
middleware.js — validate API key in 2 lines
// In your Express/Next.js middleware:
const res = await fetch(
'https://henry-apikeys.vercel.app/api/validate/' + req.headers['x-api-key']
)
const { valid, user_id, scopes, rate_limit } = await res.json()
// valid: true · user_id: 'u_abc123' · scopes: ['read','write'] · rate_limit: { remaining: 98 }

Everything API key management needs

Instant validation
Validate any API key with one GET request. Returns user_id, scopes, and rate limit status in <50ms.
🎯
Scopes & permissions
Define custom scopes (read, write, admin). Keys carry their scopes and your app enforces them.
⏱️
Rate limiting
Set per-key rate limits (requests/hour). We track and enforce. Your app gets remaining count.
📊
Usage logs
Every API call is logged with timestamp, endpoint, and status. Filter by key or time range.
🔑
Key lifecycle
Create, rotate, and revoke keys instantly. Set expiry dates. Keys become invalid immediately on revoke.
🤖
MCP + REST API
Full REST API v1 and MCP server. Manage keys programmatically from your CI/CD pipeline.

Simple pricing

Free for small projects. Affordable as you grow.

Free
$0
  • 100 API keys
  • Basic validation
  • No usage logs
  • Community support
Popular
Starter
$9/mo
  • Unlimited keys
  • Usage logs
  • Rate limiting
  • Email support
Growth
$29/mo
  • Custom scopes
  • Analytics dashboard
  • Webhook on revoke
  • REST API + MCP
Compare all plans →