apimaster

Instantly verify an AI provider API key — and reveal exactly what it exposes. Nothing is stored, nothing is logged.

How your key stays safe

Never touches a database

Your key lives only in page memory — no localStorage, cookies, or server storage of any kind.

Only read-only, free calls

We call list-models / whoami endpoints only. Never a billable completion or generation endpoint.

The proxy never logs your key

Same-origin relay for CORS-blocked providers. Zero logging, zero storage — auditable in the source.

Fully open-source

Read check.js and providers.js in this project to verify every claim yourself.

Honest limitation

A malicious browser extension could read the input field. No web tool can fully prevent that — use a clean profile for max caution.

Supported providers