Skip to main content
Unkey is the API development platform that handles the infrastructure you’d rather not build yourself: API key management, rate limiting, and usage tracking — all with global performance and zero servers to manage.

API Keys

Issue, verify, and revoke keys with metadata, expiration, and usage limits built in.

Rate Limiting

Protect any endpoint from abuse — standalone or attached to API keys.

Usage Tracking

Know who’s using your API, how much, and when — with analytics out of the box.

Why Unkey?

Building API infrastructure from scratch means managing databases, Redis clusters, edge caching, and analytics pipelines. Unkey handles all of that so you can focus on your actual product.
DIY ApproachWith Unkey
Set up key storage, hashing, rotationunkey.keys.create()
Deploy Redis for rate limitingunkey.ratelimit.limit()
Build usage tracking & dashboardsBuilt-in analytics
Manage infrastructure globallyGlobally distributed
Unkey never stores your API keys in plain text. We hash them before storage, so even if our database were compromised, your keys stay safe.

What can you build?

Issue API keys to your users, verify them on every request, and automatically reject invalid or expired keys.
const { meta, data } = await unkey.keys.verify({ key: "sk_123..." });
if (!data.valid) return new Response("Unauthorized", { status: 401 });
Limit requests per user, per IP, per endpoint — or any identifier you choose. No Redis required.
const { success } = await limiter.limit(userId);
if (!success) return new Response("Too many requests", { status: 429 });
Track API usage per customer with credit limits and automatic refills. Perfect for tiered pricing.
// Create a key with 1000 credits/month that refills automatically
try {
  const { meta, data } = await unkey.keys.create({
    apiId: "api_...",
    credits: {
      remaining: 1000,
      refill: { amount: 1000, refillDay: 1 }
    }
  });
} catch (err) {
  console.error(err);
  throw err;
}
Use Identities to group keys under users or organizations, sharing rate limits across all their keys.
// All keys for this identity share the same rate limit pool
try {
  const { meta, data } = await unkey.keys.create({
    apiId: "api_...",
    externalId: "org_acme",
    ratelimits: [{ name: "requests", limit: 10000, duration: 3600000 }]
  });
} catch (err) {
  console.error(err);
  throw err;
}

Get started

Quickstart

Create your first API and verify a key in under 5 minutes.

Framework guides

Step-by-step guides for Next.js, Bun, Express, Hono, and more.

Choose your path

I need API key authentication

Issue keys to users, verify on requests, track usage per key.

I need rate limiting

Protect endpoints from abuse without managing Redis infrastructure.

I need both

Start with API keys — rate limiting can be added per-key or standalone.

I'm migrating from another solution

Bring existing keys to Unkey without disrupting your users.

Join the community

Questions? Ideas? Just want to hang out with other API builders?

Discord

Chat with the team and community

GitHub

Star us, report issues, contribute

Twitter / X

Follow for updates
Last modified on February 6, 2026