Skip to main content
API keys are sensitive credentials that provide access to your Langdock account and resources. Protecting them is essential to maintain the security of your applications and data. This guide outlines best practices for managing your Langdock API keys safely.

Why API Key Security Matters

Your Langdock API keys grant access to your account’s AI capabilities and data. If compromised, unauthorized users could:
  • Access your Langdock resources and incur unexpected costs
  • Expose sensitive data processed through your applications
  • Abuse your account for malicious purposes
  • Violate your organization’s compliance requirements

Best Practices for API Key Management

Never Hardcode API Keys

Don’t do this:
from openai import OpenAI

client = OpenAI(
    base_url="https://api.langdock.com/openai/eu/v1",
    api_key="your-api-key-here"
)
Hardcoding API keys in your source code exposes them to anyone with access to your codebase, including version control history.

Use Environment Variables

Store your API keys in environment variables rather than in your code. This separates configuration from code and makes it easier to manage different keys across environments.
Do this instead:
1. Create a .env file in your project directory and add your API key: 
LANGDOCK_API_KEY=your-api-key-here
2. Install the python-dotenv package: 
pip install python-dotenv
3. Load your API key into your Python script: 
from dotenv import load_dotenv
from openai import OpenAI
import os

load_dotenv()

client = OpenAI(
    base_url="https://api.langdock.com/openai/eu/v1",
    api_key=os.environ.get("LANGDOCK_API_KEY")
)

Keep Keys Out of Version Control

Add files containing sensitive credentials to your .gitignore file to prevent accidentally committing them: 
# .gitignore
.env
.env.local
config/secrets.yml
credentials.json

Use Different Keys for Different Use Cases

Create separate API keys for different applications, environments, or teams. This practice:
  • Limits the impact if a key is compromised
  • Helps track usage by application or team
  • Makes key rotation easier
  • Provides better audit trails
For example, use separate keys for:
  • Development vs. production environments
  • Different applications using the Langdock API
  • Different teams or departments in your organization

Never Expose API Keys in Browser Requests

Important: Langdock does not support browser-based API requests. The Langdock API is designed exclusively for server-to-server communication. Attempting to make direct API calls from a browser will result in CORS (Cross-Origin Resource Sharing) errors.
API keys should never be exposed in client-side code because they would be:
  • Visible in browser network traffic
  • Accessible through browser developer tools
  • Extractable from JavaScript source code
  • Exposed to any user of your application
Your backend server should securely store the API key using the best practices described above and make requests to Langdock on behalf of your users.

Implement Key Rotation

Regularly rotate your API keys to minimize the risk of long-term exposure:
  1. Generate a new API key in your Langdock dashboard
  2. Update your applications to use the new key
  3. Monitor to ensure the transition is successful
  4. Revoke the old key after confirming the new one works
We recommend rotating keys at least every 90 days, or immediately if you suspect compromise.

Monitor Usage and Set Limits

Regularly review your API usage in the Langdock dashboard to detect any unusual patterns that might indicate a compromised key. Set up usage alerts and spending limits where possible to protect against unexpected charges from leaked keys.

What to Do If Your API Key Is Compromised

If you suspect your API key has been exposed:
  1. Immediately revoke the key in your Langdock dashboard
  2. Generate a new key with appropriate permissions
  3. Update your applications to use the new key
  4. Review your account activity for any unauthorized usage
  5. Contact Langdock support if you notice suspicious activity
  6. Document the incident for your security records

Need Help?

If you have questions about API key security or need assistance with your Langdock account:
  • Contact our support team at [email protected]
  • Review our Terms of Service and Privacy Policy for additional information
Remember: API key security is an ongoing practice, not a one-time setup. Regular review and updates to your security measures will help keep your Langdock account and applications safe.