API Keys Explained: How to Set Up AI Providers Securely
A clear guide to understanding API keys, setting them up for AI services, and keeping them secure.
API Keys Demystified: What They Are and Why You Need Them
If you've tried to use an AI tool beyond the basic free tier, you've probably encountered the term "API key." For many people, this is where enthusiasm meets confusion. What is it? Where do you get one? Is it safe? How much will it cost?
This guide answers all of those questions in plain language, walks you through setup for every major AI provider, and covers the security practices that protect your account and wallet.
What Is an API Key, Exactly?
An API key is a unique string of characters — something like sk-proj-abc123def456ghi789... — that acts as your identity when software communicates with an AI service.
Think of it this way: when you visit chatgpt.com and log in with your email and password, OpenAI knows who you are. But when a third-party application (like Cognito) wants to use OpenAI's AI on your behalf, it can't log in with your credentials. Instead, it uses your API key — a secure token that says "this request comes from an authorized user."
What an API Key Does
Authentication: Proves you have a valid account with the provider. Without a valid key, requests are rejected.
Billing: Every AI request costs the provider computing resources. The API key links requests to your billing account, so you only pay for what you use.
Rate Limiting: Providers impose limits (requests per minute, tokens per day) to prevent abuse and ensure fair access. Your API key tracks your usage against these limits.
Access Control: Different keys can have different permissions. You might create a read-only key for one application and a full-access key for another.
API Key vs. Subscription
This is a common source of confusion:
| Feature | ChatGPT Plus Subscription | API Key |
|---|:---:|:---:|
| What it is | Monthly subscription ($20/mo) | Pay-per-use access |
| Used for | chatgpt.com website | Third-party apps and tools |
| Billing | Flat monthly fee | Per-token usage |
| Typical cost | $20/month fixed | $1-10/month for most users |
| Accessed via | Browser login | API key string |
| Separate account? | Uses your regular account | Same account, but separate billing |
Important: A ChatGPT Plus subscription does not give you API access. You need to separately add billing to your API account at platform.openai.com.
Getting API Keys: Step-by-Step for Every Major Provider
OpenAI (GPT-4o, GPT-4, GPT-3.5)
1. Go to platform.openai.com (not chatgpt.com — they're different)
2. Sign up or sign in with your OpenAI account
3. Navigate to Settings → Billing and add a payment method
4. Set a monthly spending limit (strongly recommended — start with $10)
5. Go to API Keys in the left sidebar
6. Click "Create new secret key"
7. Give it a descriptive name (e.g., "Cognito Browser Extension")
8. Copy the key immediately — you won't be able to see it again
9. Store it securely (password manager recommended)
Pricing (2026 estimates):

- GPT-4o: ~$2.50 per 1M input tokens, ~$10 per 1M output tokens
- GPT-4o Mini: ~$0.15 per 1M input tokens, ~$0.60 per 1M output tokens
- GPT-3.5 Turbo: ~$0.50 per 1M input tokens, ~$1.50 per 1M output tokens
In plain English: A typical conversation costs $0.001-$0.01. Most casual users spend $1-5 per month.
Anthropic (Claude Opus, Sonnet, Haiku)
1. Go to console.anthropic.com
2. Create an account or sign in
3. Navigate to Billing and add a payment method
4. Set a spending limit
5. Go to API Keys
6. Click "Create Key"
7. Name it and copy it immediately
Pricing (2026 estimates):

- Claude Opus: ~$15 per 1M input, ~$75 per 1M output (premium model)
- Claude Sonnet: ~$3 per 1M input, ~$15 per 1M output (best value)
- Claude Haiku: ~$0.25 per 1M input, ~$1.25 per 1M output (budget-friendly)
Google (Gemini Pro, Flash, Ultra)
1. Go to aistudio.google.com
2. Sign in with your Google account
3. Click "Get API key" in the left sidebar
4. Create a key in a new or existing Google Cloud project
5. Copy the key
Pricing: Gemini offers a generous free tier. Gemini Flash is extremely cost-effective for lighter tasks.
OpenRouter (Access Multiple Providers)
OpenRouter is a meta-provider that gives you access to models from OpenAI, Anthropic, Google, Meta, and others through a single API key.
1. Go to openrouter.ai
2. Create an account
3. Add credits to your balance
4. Copy your API key from the dashboard
5. In Cognito, select OpenRouter as your provider
Advantage: One key, many models. Switch between GPT-4, Claude, Llama, and others without managing separate accounts.
Using API Keys with Cognito
Setting up your API key in Cognito takes about 30 seconds:
1. Click the Cognito extension icon in your browser
2. Open Settings (gear icon)
3. Select your AI Provider from the dropdown
4. Paste your API key in the designated field
5. Choose your preferred model
6. Click Save
Critical security note: Your API key is stored locally in your browser — in Chrome's secure extension storage. Cognito never transmits your key to Cognito's servers. The key is used exclusively to make direct API calls from your browser to the AI provider.
Security Best Practices
API keys are credentials. Treat them with the same care as passwords.
Essential Security Rules
- Never share API keys publicly: Don't post them in forums, GitHub repos, tweets, screenshots, or public documents. Automated bots scan for exposed API keys and can rack up hundreds of dollars in charges within minutes.
- Set spending limits immediately: Every provider offers budget caps. Set them before using the key. Start low ($5-10/month) and increase as needed.
- Use one key per application: Create a separate key for each tool you use. If one key is compromised, you can revoke it without affecting your other tools.
- Monitor usage regularly: Check your provider's usage dashboard weekly. Unexpected spikes can indicate a compromised key.
- Rotate keys periodically: Every 3-6 months, create a new key and delete the old one. This limits the damage window if a key is compromised without your knowledge.
- Store keys in a password manager: Don't keep them in plain text files, sticky notes, or unencrypted documents. Use 1Password, Bitwarden, or similar tools.
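The "never share keys publicly" rule is easiest to follow when a check runs before anything leaves your machine. The following is an added example, not code from this page or from the Cognito project: a small scanner that finds provider key shapes in text (a file about to be committed, a log line about to be written) and reports only a redacted form, so the report itself cannot leak the key. The `sk-proj-` shape is the one this page shows; the `sk-ant-`, `sk-or-` and `AIza` prefixes are the shapes those providers use at the time of writing and are treated here as an assumption to adjust as formats change. The sample source text is constructed and contains no real credentials.

```python
import re

# Provider key shapes. Alternation order matters: the more specific
# "sk-ant-" and "sk-or-" prefixes must be tried before the generic
# OpenAI "sk-" pattern, otherwise they would be reported as OpenAI keys.
# "sk-proj-" is from the page; the other prefixes are an assumption.
KEY_PATTERN = re.compile(
    r"\b(?:"
    r"(?P<anthropic>sk-ant-[A-Za-z0-9_-]{20,})"
    r"|(?P<openrouter>sk-or-[A-Za-z0-9_-]{20,})"
    r"|(?P<openai>sk-(?:proj-)?[A-Za-z0-9_-]{20,})"
    r"|(?P<google>AIza[A-Za-z0-9_-]{35})"
    r")"
)


def redact(key):
    """Keep the prefix and last four characters: enough to find the key in the
    provider's dashboard and revoke it, never enough to reuse it."""
    return key[:7] + "..." + key[-4:]


def find_exposed_keys(text):
    """Return one finding per key-shaped token: line number, provider and a
    redacted form of the match. The full key is never stored or returned."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in KEY_PATTERN.finditer(line):
            findings.append(
                {"line": lineno, "provider": m.lastgroup, "key": redact(m.group())}
            )
    return findings


def mask_for_logging(text):
    """Replace every key-shaped token with its redacted form, for use on any
    string that is about to be logged or sent to a bug tracker."""
    return KEY_PATTERN.sub(lambda m: redact(m.group()), text)


# Constructed sample source file; these are not real keys.
SAMPLE_SOURCE = """\
# constructed sample, not real credentials
OPENAI_API_KEY=sk-proj-EXAMPLEEXAMPLEEXAMPLEEXAMPLE0001
client = Anthropic(api_key="sk-ant-EXAMPLEEXAMPLEEXAMPLEEXAMPLE0002")
# an ordinary identifier that must not trigger
session_id = "abc123def456"
print(f"model cost: ${cost:.4f}")
"""


if __name__ == "__main__":
    for f in find_exposed_keys(SAMPLE_SOURCE):
        print(f"line {f['line']}: {f['provider']} key {f['key']}")
    print(mask_for_logging(SAMPLE_SOURCE))
```

Run it as a pre-commit hook over staged files, or call `mask_for_logging` on any request or error string before it is logged. Reporting only the redacted form is deliberate: scanner output often ends up in CI logs and chat channels, which are exactly the places a key should never appear.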
What to Do If a Key Is Compromised
1. Immediately revoke/delete the key in your provider's dashboard
2. Create a new key
3. Check your billing for unauthorized usage
4. Contact the provider's support if you see charges you didn't make
5. Update the key in all applications that use it
The Free Alternative: Ollama (No API Key Required)
If you want to avoid API keys entirely — whether for privacy, cost, or simplicity — Ollama lets you run AI models locally.
Setup:

1. Install Ollama from ollama.com
2. Run `ollama pull llama3.1` in your terminal
3. In Cognito settings, select Ollama as your provider
4. No API key needed — everything runs on your machine

Trade-offs:

- Free and completely private
- Requires decent hardware (8GB+ RAM for small models)
- Quality varies by model — local models are good but not quite GPT-4 level
- No internet required after initial model download
Best for: Privacy-sensitive work, offline use, avoiding recurring costs, experimentation.
Cost Optimization Strategies
Model Selection by Task
You don't need GPT-4 for everything. Match the model to the task:
| Task Complexity | Recommended Model | Approximate Cost |
|---|---|:---:|
| Quick questions, simple formatting | GPT-4o Mini or Haiku | ~$0.001/query |
| Standard summarization and writing | Sonnet or GPT-4o | ~$0.005/query |
| Complex analysis and reasoning | Opus or GPT-4 | ~$0.02/query |
| Private/sensitive content | Ollama (local) | Free |
Practical Monthly Budgets
| Usage Level | Description | Estimated Monthly Cost |
|---|---|:---:|
| Light | 10-20 queries/day, simple tasks | $1-3 |
| Moderate | 30-50 queries/day, mixed tasks | $5-10 |
| Heavy | 100+ queries/day, complex tasks | $15-30 |
| Power user | All-day usage, long documents | $30-50 |
Cost-Saving Tips
- Start conversations with context: Include relevant information upfront instead of going back and forth (fewer tokens)
- Use cheaper models for simple tasks: GPT-4o Mini is 20x cheaper than GPT-4 and handles most simple tasks well
- Use local models for experimentation: Test prompts with Ollama before sending them to paid APIs
- Monitor weekly: Check your usage dashboard every week to catch unexpected costs early
- Set alerts: Most providers let you configure email alerts at spending thresholds
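Both the "monitor usage regularly" rule in the security section and the "monitor weekly" tip above come down to the same check: turn the provider's usage export into a daily spend figure and look for a jump that normal use does not explain. The block below is an added example, not code from this page or from the Cognito project. It prices requests with the page's 2026 per-million-token estimates for GPT-4o and GPT-4o Mini, sums them per day, and flags any day whose spend is several times the median of the preceding week. The usage records are constructed: eight quiet days followed by one day that looks like a leaked key being driven hard. The record layout (`date`, `model`, `input_tokens`, `output_tokens`) is an assumption; real exports differ by provider and need a small mapping step.

```python
from datetime import date, timedelta
from statistics import median

# USD per 1M tokens (input, output), taken from the page's 2026 estimates.
PRICES_PER_1M_USD = {
    "gpt-4o": (2.50, 10.00),
    "gpt-4o-mini": (0.15, 0.60),
}


def request_cost_usd(model, input_tokens, output_tokens):
    """Input and output tokens are priced separately, per million tokens."""
    price_in, price_out = PRICES_PER_1M_USD[model]
    return (input_tokens * price_in + output_tokens * price_out) / 1_000_000


def build_sample_usage():
    """Constructed usage export (assumed layout): 8 quiet days of light use,
    then one day with a burst of expensive GPT-4o traffic."""
    records = []
    start = date(2026, 3, 1)
    quiet_day = [
        ("gpt-4o-mini", 200_000, 50_000),   # $0.06
        ("gpt-4o", 20_000, 5_000),          # $0.10
    ]
    for offset in range(8):
        day = (start + timedelta(days=offset)).isoformat()
        for model, tin, tout in quiet_day:
            records.append({"date": day, "model": model,
                            "input_tokens": tin, "output_tokens": tout})
    spike_day = (start + timedelta(days=8)).isoformat()
    records.append({"date": spike_day, "model": "gpt-4o-mini",
                    "input_tokens": 200_000, "output_tokens": 50_000})
    records.append({"date": spike_day, "model": "gpt-4o",
                    "input_tokens": 4_000_000, "output_tokens": 1_000_000})  # $20.00
    return records


def daily_spend(records):
    """Sum request costs per calendar day; returns (date, usd) pairs in date order."""
    totals = {}
    for r in records:
        cost = request_cost_usd(r["model"], r["input_tokens"], r["output_tokens"])
        totals[r["date"]] = totals.get(r["date"], 0.0) + cost
    return sorted(totals.items())


def flag_spikes(daily, window=7, factor=5.0, floor_usd=1.0):
    """Flag a day whose spend exceeds `factor` times the median of the previous
    `window` days. The absolute floor stops a move from $0.01 to $0.06 from
    alerting; the median keeps one earlier busy day from raising the baseline."""
    alerts = []
    for i in range(window, len(daily)):
        baseline = median(usd for _, usd in daily[i - window:i])
        day, usd = daily[i]
        if usd > floor_usd and usd > factor * baseline:
            alerts.append({"date": day, "usd": round(usd, 2),
                           "baseline_usd": round(baseline, 2)})
    return alerts


if __name__ == "__main__":
    daily = daily_spend(build_sample_usage())
    for day, usd in daily:
        print(f"{day}  ${usd:.2f}")
    for a in flag_spikes(daily):
        print(f"ALERT {a['date']}: ${a['usd']} vs baseline ${a['baseline_usd']}")
```

The thresholds are the part to tune: a week-long median window with a 5x factor catches the "hundreds of dollars in minutes" pattern described above while tolerating a genuinely busy day, and the absolute floor keeps a near-zero baseline from turning every small change into an alert. A provider's own spending cap remains the hard stop; this check is the early warning that tells you to rotate the key before the cap is reached.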
Frequently Asked Questions
Q: Can someone use my API key if they get it? Yes. An API key is like a credit card number — anyone who has it can make charges to your account. This is why spending limits and key rotation are essential.
Q: Is my data safe when using an API key with Cognito? Your data goes directly from your browser to the AI provider (e.g., OpenAI's servers). Cognito never sees, stores, or routes your data through its own servers. With Ollama, data never leaves your machine at all.
Q: Do I need a different API key for each AI model? No. One API key per provider gives you access to all of that provider's models. For example, one OpenAI key works for GPT-4, GPT-4o Mini, and GPT-3.5.
Q: What happens if I hit my spending limit? API requests will fail with an error. Cognito will show you a message indicating the issue. You can increase your limit in the provider's billing dashboard.
Q: Can I use Cognito without any API key? Yes — use Ollama as your provider for completely free, local AI with no API key required.
---
Related Reading
- Local AI with Ollama
- Privacy-First AI
- ChatGPT vs Claude vs Gemini
Resources
- OpenAI API Documentation
- Anthropic API Documentation

