Is my API key safe with AURA?

Is my API key safe with AURA?

Yes. Your API key security is one of our highest priorities. Here is exactly how we handle it:

How we store your key

• Your API key is encrypted using AES-256-CBC encryption before it is stored in our database.
• The encryption key is stored separately from the database — not in the database itself.
• Only the last 4 characters of your key are ever displayed in the AURA interface. The full key is never shown again after you save it.

What we do NOT do

• We do not share your API key with any third party.
• We do not sell, rent, or transfer your API key to anyone.
• We do not access your API key for any purpose other than making requests on your behalf when your chatbot responds to a user.
• Your API key is never written to logs or included in any error reports.

Your responsibility

While we take every precaution on our side, you are also responsible for keeping your API key secure:

1. Monitor your usage — Log in to your LLM provider's dashboard (e.g. OpenAI, Anthropic, Groq) regularly and check for unusual activity. AURA also shows your API usage in your dashboard under Settings → LLM Config.
2. Rotate your key if you suspect it has been compromised — you can update it in AURA at any time.
3. Set spending limits in your LLM provider dashboard as an additional safety measure.

⚠️ Important: If your API key is used or charged by an unauthorized third party through a means other than AURA, AURA bears no liability. Always treat your API key like a password.

AURA's API usage monitor

You can view all API calls made through AURA — including dates, models used, token counts, and estimated cost — in your dashboard at Settings → LLM Config. This gives you full visibility into how your key is being used by AURA.

If you have any security concerns, contact our support team immediately.