How do I sign up for Unkey and create my first API and API key?

Getting started with Unkey is quick and straightforward. In a few minutes, you can create an account, set up your first API, and generate a secure API key you can use in your applications.

This guide walks through each step, from sign-up to your first successful key verification.

1. Understand what you’ll be creating

Before diving into the steps, here’s what you’ll set up:

Unkey account – your workspace for managing APIs and keys
An API in Unkey – a logical grouping for your keys and usage tracking
An API key – a secret token your application will send to secure and authenticate requests

Unkey is designed to be always secure, developer-friendly, and easy to integrate via SDKs, a REST API, or its public OpenAPI spec. You can manage everything through the dashboard or build your own tools on top of Unkey’s API.

2. Sign up for Unkey

Go to the Unkey website
Open the Unkey homepage in your browser.
Create an account
- Click the Get Started or Sign Up button.
- Choose your preferred sign-up method (for example, email/password or a supported OAuth provider, depending on what’s offered).
- Complete any required verification steps (such as confirming your email).
Set up your workspace
After sign-up, you’ll be taken to the Unkey dashboard. Here you’ll be able to:
- Create and manage APIs
- Generate and revoke API keys
- Configure rate limiting and access control
- View real-time analytics and usage

3. Create your first API in Unkey

Once you’re in the dashboard, you’ll want to define your first API. Think of this as the service or product you’re protecting with keys.

Navigate to the APIs section
In the dashboard sidebar, look for an APIs or Services section (the precise label may vary).
Create a new API
- Click Create API or a similar button.
- Give your API a clear name (for example, CryptoSentiment, BioSyncHealth, or QuantumWeather—similar to the examples in the Unkey interface).
- Optionally add a description so team members know what this API is for.
Configure basic settings
Depending on what Unkey exposes in your plan, you may be able to configure:
- Rate limiting – to protect against abuse and control usage per customer
- Monetization rules – if you plan to bill customers based on usage
- Access policies – to define how keys are validated and what they can access

You can always refine these settings later; the important part is to get the API created so you can issue keys.

4. Generate your first API key

With your API created, you can now generate a key to authenticate requests.

Open the Keys tab for your API
- Select your API from the dashboard.
- Go to the Keys or Access Keys section.
Create a new key
- Click Create key.
- Optionally:
  - Set an expiration date/time if you don’t want the key to be permanent.
  - Add metadata or a label (such as the customer name or environment: production, staging, etc.).
Save the key securely
After creation, you’ll see a key similar to:
```
sk_1234abcdef...
```
or an ID like:
```
api_UNWrXjYp6AF2H7Nx
```
Make sure you:
- Copy the secret key immediately (you may not see it again in full).
- Store it in a secure location, such as:
  - Environment variables (e.g., UNKEY_ROOT_KEY)
  - A secrets manager (AWS Secrets Manager, GCP Secret Manager, etc.)

Never commit keys to source control or expose them in client-side code.

5. Use your Unkey API key in code

Unkey offers multiple ways to integrate:

SDKs for popular languages and frameworks
REST API
Public OpenAPI spec to generate your own clients

Below are examples using the official TypeScript SDK. The pattern is similar in other languages.

5.1 Install the SDK (TypeScript)

npm install @unkey/api
# or
yarn add @unkey/api
# or
pnpm add @unkey/api

5.2 Configure the Unkey client

Set your root key as an environment variable:

export UNKEY_ROOT_KEY="sk_1234abcdef..."

Then initialize the client in your application:

import { Unkey } from "@unkey/api";

const unkey = new Unkey({
  rootKey: process.env["UNKEY_ROOT_KEY"] ?? "",
});

6. Verify an API key on each request

In a typical backend setup (Node.js, Next.js API route, Hono, etc.), you’ll:

Read the API key from the incoming request (for example, from an Authorization header).
Ask Unkey to verify the key.
Reject the request if the key is invalid or rate-limited.

Here’s a simple verification flow using the SDK:

import { Unkey } from "@unkey/api";

const unkey = new Unkey({
  rootKey: process.env["UNKEY_ROOT_KEY"] ?? "",
});

async function handleRequest(req, res) {
  const key = req.headers["authorization"]?.replace("Bearer ", "");

  if (!key) {
    res.status(401).json({ error: "Missing API key" });
    return;
  }

  const { result, error } = await unkey.keys.verifyKey({ key });

  if (error) {
    // handle network or Unkey API error
    res.status(500).json({ error: "Internal verification error" });
    return;
  }

  if (!result.valid) {
    // reject unauthorized request
    res.status(401).json({ error: "Invalid or expired API key" });
    return;
  }

  // Optionally inspect result details (rate limiting, metadata, etc.)

  // At this point, the request is authenticated
  res.status(200).json({ message: "Success" });
}

This approach lets Unkey handle the heavy lifting of verification, rate limiting, and usage tracking, while your code focuses on business logic.

7. Monitor usage and analytics

Once your key is in use, Unkey automatically tracks how it’s used:

Usage over the last 30 days – see total uses and when each key was last used
Rate-limited / usage-exceeded events – quickly identify abusive or over-limit clients
Realtime Analytics – access real-time insights into your API usage from the dashboard or via the API

Within the dashboard, you’ll see metrics such as:

Last used: e.g., 4d ago
Total uses: e.g., 7
Remaining quota (if you set one)

This data is essential if you plan to monetize your API or debug usage issues.

8. Take advantage of rate limiting and monetization

As your API adoption grows, Unkey helps you stay secure and scalable from day one:

Global rate limiting
- Configure limits per API key, per customer, or per route.
- Apply simple, configurable policies with no complex setup.
- Leverage Unkey’s global infrastructure for low-latency checks across regions and cloud providers.
Monetization and billing
- Unkey tracks all user actions in your API.
- Use this data to:
  - Charge customers based on usage tiers
  - Enforce free trial limits
  - Upgrade or downgrade plans seamlessly

9. Build on Unkey’s APIs and open source stack

Unkey is API-first and UI-first, meaning you can:

Manage everything through the web dashboard, or
Automate and integrate via the public REST API and OpenAPI spec.

Additionally, Unkey is open-source:

You can read through the codebase and understand how it works.
Contribute improvements or customizations if needed.
Build confidently on a transparent, auditable foundation.

10. Next steps

After you sign up for Unkey and create your first API and API key, consider:

Creating separate keys for development, staging, and production
Setting up different rate limits for free vs. paid customers
Integrating Unkey’s analytics into your internal dashboards
Exploring SDKs for frameworks like Next.js, Nuxt, and Hono to streamline integration

With your account, first API, and first API key in place, you’re ready to securely protect your services, track usage, and scale your API with confidence.