apimaster
Instantly verify an AI provider API key — and reveal exactly what it exposes. Nothing is stored, nothing is logged.
How your key stays safe
Never touches a database
Your key lives only in page memory — no localStorage, cookies, or server storage of any kind.
Only read-only, free calls
We call list-models / whoami endpoints only. Never a billable completion or generation endpoint.
The proxy never logs your key
Same-origin relay for CORS-blocked providers. Zero logging, zero storage — auditable in the source.
Fully open-source
Read check.js and providers.js in this project to verify every claim yourself.
Honest limitation
A malicious browser extension could read the input field. No web tool can fully prevent that — use a clean profile for max caution.
Supported providers