Where to Manage Keys
Mint, list, name, and revoke keys from the dashboard at app.wafer.ai. The UI surfaces every key on your account with its label, prefix, creation date, and last-used time, and gives you a one-click revoke. The same actions are available through the signed-in dashboard API. These routes require the user’s dashboard session, not an inference key:
For browser clients, call the same-origin app routes at
/api/serverless/keys; the app proxies the signed-in request to api.wafer.ai.
Key Format
Every key starts withwfr_ followed by a long opaque secret. Wafer Pass keys and Serverless keys share the prefix — the account tier is derived server-side from the key, not its first character. The dashboard always shows the first 12 characters plus … (the key_prefix); the full secret is shown exactly once, on the screen where you mint the key.
Limits
The default cap is 25 active keys per account. Hitting the limit returns a clear error message in the dashboard; revoke an unused key and try again. If you need more, reach out at emilio@wafer.ai.Revoking
Revoking a key takes effect immediately. Inference requests bearing the revoked secret start failing withinvalid_api_key (see the Error Reference) on the next request.
Revocation does not refund credits, prorate the current quota window, or affect any other key on the account.
Migration from Single-Key Accounts
Accounts created before multi-key support had exactly one key. After the rollout:- The original key was automatically migrated and shows up in the dashboard with the label
"Wafer Serverless". The secret itself didn’t change — anything in production that already had the old key still works. - The legacy rotate flow is no longer supported once the account has more than one active key. The replacement is mint-new-then-revoke-old, which is safer anyway: the new key is verified live before the old one stops working.