https://gateway.ngrok.ai. Send it with every request—the gateway uses it to verify who is calling and whether the request is allowed through.
Access keys vs provider keys
The AI Gateway splits authentication into two credentials so your application never handles upstream secrets.
Because the two are separate, you can rotate or revoke an access key for one client without touching your provider keys, and your upstream secrets never ship in client code.
With credits, built-in OpenAI and Anthropic work through ngrok.ai inference—no provider keys to store at all.
See How It Works for the full request flow.
Use in your application
Create and manage keys
Create a separate key per application or team so you can revoke one client without affecting others.Via the ngrok dashboard
- Open app.ngrok.ai → Keys.
- Click New access key.
- Enter a name and optionally assign a configuration.
- Copy the token immediately—it’s only shown once.
Via the AI Gateway API
- Create an AI Gateway API key.
- Send a request to the Access Keys API, authorized with that key:
Things to know
Your key token is only shown once
When you create a key, the token (starting withng-) is displayed exactly once. If you lose it, delete the key and create a new one.
Requests require credits
Every request consumes credits for ngrok’s processing fee. When ngrok.ai inference handles built-in OpenAI or Anthropic, credits also cover model cost. When you bring your own key, upstream costs go to your provider account. When your balance reaches zero, new requests fail until you purchase more credits.Invalid keys are rejected
Malformed or deleted access keys are rejected immediately with a401 Unauthorized. See Error Codes to look up that and other gateway responses.
Credentials overview
Next steps
Access Key Configurations
Scope providers and route traffic per key
Bring your own provider key
Store upstream credentials
Securing Your Gateway
Per-client keys and revocation
Credits
How usage is billed