API Keys
API keys are used to authenticate requests to the Caila API. Each key can be configured with different access permissions and restrictions.
Creating a Key
- Go to My Space.
- Open Settings → API Keys.
- Click Create Key.
- Enter the key name and configure the parameters.
- Save the key.
After creation, the key can be copied immediately or viewed later.
Access Permissions
Each key can be configured with a combination of permissions:
| Permission | Description |
|---|---|
| Read | Read information about services, models, and configurations |
| Write | Includes Read + manage services and settings |
| Predict | Execute requests to services (predict, chat, embeddings, etc.) |
For integrations that only call services, it is sufficient to enable only the Predict permission.
Key Restrictions
Restrictions allow you to control key usage: budget, request rate, and available services.
Spending Limits
Spending limits restrict the amount that can be spent using the key over a certain period.
Available intervals:
- Minute
- Hour
- Day
- Month
You can set up to 4 limits simultaneously — one for each interval. For example, you can limit spending to $10 per hour and $100 per day.
How balance replenishment works:
The balance is replenished continuously and evenly throughout the period. For example:
- A limit of $240 per day replenishes at a rate of $10 per hour (~$0.16 per minute)
- If the limit is fully exhausted, $5 will become available after half an hour
If enabled:
- When increasing the limit, the current available balance increases instantly. For example, if you change the hourly limit from $10 to $12, the available balance also increases by $2.
- The new limit is fully available. For example, a daily limit can be fully exhausted in the first minutes.
If disabled:
- When increasing the limit, the available balance does not change.
- A new limit is created with zero balance.
- The available balance replenishes evenly throughout the selected period.
Requests Per Minute Limit
Limits the number of API requests per minute, regardless of their cost. Helps control load and prevent unexpected resource consumption.
Service Filter
Restricts the list of services that can be accessed with this key.
Modes:
- All services — access to all services
- Selected services — only specified ones
- None — requests to services are prohibited
When selecting specific services, their identifier is specified in the format <account>/<service>, for example: just-ai/openai-proxy.
LLM Model Filter
When using LLM adapters (OpenAI API, Anthropic API, etc.), you can restrict the list of models available for requests.
Modes:
- All models — all provider models are available
- Selected models — only specified ones (e.g.,
gpt-4o,claude-3-opus) - None — LLM requests are prohibited
This is useful when you need to allow only inexpensive models.
Maximum Request Size
Limits the request size in bytes. Requests exceeding the limit will be rejected.
Key Expiration (TTL)
You can set an expiration period for the key. After the TTL expires, the key stops working and requests with it will be rejected.
Available units:
- Minutes
- Hours
- Days
- Months
Use TTL for temporary integrations or test keys so they automatically deactivate.
Expiration Notifications
You can specify email addresses to receive notifications about the approaching key expiration date. This will help you reissue the key in time and avoid sudden integration downtime.
Data Masking (JayGuard)
JayGuard is an optional feature for masking personal data in requests and responses.
When enabled:
- Before sending a request to the service, personal data (names, phone numbers, emails, etc.) is replaced with tokens
- In the response, tokens are replaced back with the original data
To use it, you need to specify a masking key — it determines which set of rules is applied.