# Unkey — Open-Source API Key Management Platform

> Unkey is an open-source API key management platform that lets developers create, validate, and rate-limit API keys with sub-millisecond verification and usage-based billing support.

## Install

Save as a script file and run:

# Unkey — Open-Source API Key Management Platform

## Quick Use
```bash
git clone https://github.com/unkeyed/unkey.git
cd unkey
pnpm install
pnpm dev
# Dashboard: http://localhost:3000
# Or use the hosted API directly:
curl -X POST https://api.unkey.dev/v1/keys.createKey 
  -H "Authorization: Bearer YOUR_ROOT_KEY" 
  -H "Content-Type: application/json" 
  -d '{"apiId": "your_api_id"}'
```

## Introduction
Unkey is an open-source platform for managing API keys at scale. It provides a fast key verification API, built-in rate limiting, usage tracking, and temporary key expiration so that developers building API products can focus on their core logic rather than building key infrastructure from scratch.

## What Unkey Does
- Creates API keys with optional metadata, expiration dates, and rate limit configurations
- Verifies keys in under 10 milliseconds using a globally distributed edge network
- Enforces rate limits per key with sliding window and fixed window algorithms
- Tracks key usage analytics including verification counts, rate limit hits, and active keys
- Supports temporary keys that automatically expire after a set duration or number of uses

## Architecture Overview
Unkey is built as a Next.js monorepo with a Go-based API service for high-performance key operations. Key data is stored in PlanetScale (MySQL-compatible) with a Cloudflare Workers layer for edge verification. The verification path uses a tiered cache: edge cache for hot keys, regional cache for warm lookups, and origin database as the source of truth. This architecture delivers consistent sub-10ms verification globally.

## Self-Hosting & Configuration
- Clone the monorepo and run locally with pnpm for development; requires Node.js 18+ and Go
- Configure database connection via DATABASE_URL environment variable (MySQL-compatible)
- Set UNKEY_ROOT_KEY for bootstrapping initial API access and workspace creation
- Deploy the API service independently for production workloads behind a load balancer
- Docker Compose setup available for running all services locally with dependencies

## Key Features
- Sub-10ms key verification at the edge with multi-tier caching for global distribution
- Built-in rate limiting configurable per key with remaining quota returned in each response
- Temporary keys with expiration by time or by number of remaining verifications
- Key metadata for attaching custom JSON data (user IDs, plan tiers, permissions) to each key
- Usage analytics dashboard showing verification volume, error rates, and active key counts

## Comparison with Similar Tools
- **Auth0 M2M tokens** — Machine-to-machine OAuth tokens; heavier setup, no usage-based limits
- **AWS API Gateway API keys** — Tied to AWS infrastructure; no cross-cloud portability
- **Kong** — Full API gateway with key auth as one plugin; much larger operational surface
- **Zuplo** — API gateway with built-in key management; SaaS only, not self-hostable
- **Custom JWT-based auth** — Requires building verification, rotation, and rate limiting yourself

## FAQ
**Q: How fast is key verification?**
A: Unkey verifies keys in under 10 milliseconds globally by using edge caching and a tiered lookup strategy that avoids round-trips to the origin database for hot keys.

**Q: Can I attach custom data to API keys?**
A: Yes. Each key supports a metadata field where you can store arbitrary JSON such as user IDs, plan names, permission scopes, or any context your application needs.

**Q: How do temporary keys work?**
A: You can set a key to expire after a specific timestamp or after a fixed number of successful verifications. Once the limit is reached, Unkey automatically rejects further requests with that key.

**Q: Does Unkey handle billing?**
A: Unkey tracks usage per key, which you can use to build usage-based billing. It does not process payments directly but provides the verification count data needed to calculate charges.

## Sources
- https://github.com/unkeyed/unkey
- https://unkey.dev/docs/

---
Source: https://tokrepo.com/en/workflows/610a84c3-3f10-11f1-9bc6-00163e2b0d79
Author: Script Depot