Skip to main content

LLM Provider Keys API

The LLM Provider Keys API manages the BYOK provider keys used by Quave ONE agent conversations and automations.

Security and validation

  • User-scoped provider keys belong only to the authenticated user.
  • Account-scoped provider keys require the Manage Credentials or Admin role for list, get, create, update, delete, set-default, test, and reveal.
  • Metadata responses never include plaintext API keys.
  • Create and update use the same backend validation as the dashboard UI, including provider support, required base URL checks, duplicate-name checks, immutable provider on update, encryption type checks, and default-key normalization.
  • Revealing a key emits a secret-decrypt audit event and requires quave:read:secrets for MCP callers.

List provider keys

User-scoped keys:

curl -H 'Authorization: YOUR_TOKEN' \
  'https://api.quave.cloud/api/public/v1/agent/llm-provider-keys?scope=user'

Account-scoped keys:

curl -H 'Authorization: YOUR_TOKEN' \
  'https://api.quave.cloud/api/public/v1/agent/llm-provider-keys?accountId=ACC_ID&scope=account'

Create a provider key

Omit accountId to create a user-scoped key. Include accountId to create an account-scoped key.

curl -X POST \
  -H 'Authorization: YOUR_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
    "accountId": "ACC_ID",
    "name": "OpenAI production",
    "provider": "openai",
    "apiKey": "PROVIDER_API_KEY",
    "defaultModel": "gpt-5",
    "isDefault": true,
    "enabled": true
  }' \
  https://api.quave.cloud/api/public/v1/agent/llm-provider-key

Get or update a provider key

curl -H 'Authorization: YOUR_TOKEN' \
  'https://api.quave.cloud/api/public/v1/agent/llm-provider-key?providerKeyId=PROVIDER_KEY_ID'
curl -X PATCH \
  -H 'Authorization: YOUR_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
    "providerKeyId": "PROVIDER_KEY_ID",
    "defaultModel": "gpt-5-mini",
    "enabled": true
  }' \
  https://api.quave.cloud/api/public/v1/agent/llm-provider-key

Set default, test, reveal, or delete

curl -X POST \
  -H 'Authorization: YOUR_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{ "providerKeyId": "PROVIDER_KEY_ID", "accountId": "ACC_ID" }' \
  https://api.quave.cloud/api/public/v1/agent/llm-provider-key/default
curl -X POST \
  -H 'Authorization: YOUR_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{ "providerKeyId": "PROVIDER_KEY_ID", "accountId": "ACC_ID" }' \
  https://api.quave.cloud/api/public/v1/agent/llm-provider-key/test
curl -X POST \
  -H 'Authorization: YOUR_TOKEN' \
  'https://api.quave.cloud/api/public/v1/agent/llm-provider-key/reveal?providerKeyId=PROVIDER_KEY_ID&accountId=ACC_ID'
curl -X DELETE \
  -H 'Authorization: YOUR_TOKEN' \
  'https://api.quave.cloud/api/public/v1/agent/llm-provider-key?providerKeyId=PROVIDER_KEY_ID&accountId=ACC_ID'