Let your team use Claude Code, Cursor, and Codex without sharing master API keys.
RelayKey gives AI tools, contractors, and apps their own scoped, revocable keys — across the hundreds of APIs that still don't have modern auth. Production keys never leave the dashboard. Every call logged.
Free forever for 1 protected key. No credit card.
One real key. Five scoped RelayKeys — three AI tools, one app, one contractor.
- Business teams get unstuck: give approved workflows their own limited access instead of hand-running exports, one-off scripts, and status checks.
- Engineering keeps control: set the exact methods, paths, expiration, IP policy, and owner for each access grant before it can touch the upstream API.
- Real keys stay sealed: add the production key once. RelayKey encrypts it, swaps it in only at request time, and lets you revoke access without rotating.
The business wants access. Engineering owns the risk.
Useful work needs real systems: HR, CRM, billing, scheduling, call-center data, internal tools. But once raw keys leave engineering, they leak through GitHub commits, AI coding tools, logs, browser applications, screenshots, support tickets, Slack, contractors, CI output, and pasted .env files.
new hardcoded secrets hit public GitHub commits in 2025.
year-over-year growth in AI-service secret leaks.
secret leak rate for Claude Code-assisted commits versus baseline.
disclosed unauthorized access to a limited number of tokens through a GitHub workflow, then invalidated them.
From shared master keys to scoped tool access.
A developer wants Cursor to query Stripe. A teammate wants Claude Code reading HubSpot. The choices are: share the master key, write a one-off wrapper, or say no. None of those scale across a team.
Engineering adds the real key once. Each AI tool, developer, or workflow gets its own scoped RelayKey. Every request is logged. Revoke one tool's access without rotating the production key.
Your traffic passes through. Your payloads are not retained.
Putting a proxy in front of production APIs is a real ask. Here's what RelayKey handles, what it logs, and how to verify it.
Payloads are forwarded, not stored or inspected.
The proxy forwards request and response bodies without retaining them. Audit logs record methods, paths, decisions, status, duration, and source IP — not query strings or bodies by default.
Your master key is encrypted with a key we don't keep in the database.
Upstream production keys are AES-256-GCM encrypted using a master key that lives in the platform secrets store, outside the database. A SQL dump alone cannot decrypt them.
Or run it in your own VPC.
Self-hosted is available. Same dashboard, same scoped-key model — keys, traffic, and audit logs never leave your environment. RelayKey's cloud is contacted only for license validation.
Governed, temporary access for AI tools, contractors, and the long tail of APIs.
Workload identity federation, OIDC short-lived tokens, and scoped service accounts are the right primitive when both the caller and upstream support them. RelayKey is the governed access layer for the APIs and workflows that do not.
Most of enterprise runs on APIs that won't get there this decade.
HR, payroll, EHR, WFM, telephony, vertical SaaS, internal services — none of these will ship workload identity federation soon. The teams using them need scoped access today.
One Claude Code session touches ten APIs of mixed maturity.
Native identity on one of them doesn't help the other nine. RelayKey is the one place to scope, expire, and audit access across every upstream a single workflow uses.
Contractors and short-engagement access are still hard, even on modern APIs.
WIF assumes long-lived service identities. Issuing a 30-day, path-scoped, IP-pinned key for a contractor is what RelayKey does in one click — without minting a real upstream user.
We're not trying to replace native identity. We're the compensating control until every API gets there — and the orchestration layer for the workflows that span all of them.
Let teams use systems without losing custody of keys.
The business should not have to file another ticket for routine data work. Engineering cannot afford production secrets scattered across laptops, prompts, vendor tools, and one-off scripts. RelayKey gives both sides a controlled way to work.
- Manager and analyst access. Let approved operators pull the data they need without asking engineering to run every export.
- Agent keys. Let Codex, Cursor, Claude, or internal agents read and update only the paths their workflow requires.
- People and vendors. Issue temporary project access to teammates, contractors, and vendors without emailing or pasting the real key.
- Application keys. Give each production app, background job, integration, and support tool its own scoped RelayKey.
- One-click containment. When a key leaks from a new IP, block it before the upstream. When it leaks from trusted infrastructure, revoke the specific RelayKey instead of rotating the real upstream key everywhere.
- Manager / analyst: routine reports, data checks, and approved operational actions.
- AI agent: Codex, Cursor, Claude, MCP server, or internal workflow agent.
- Application: production app, server, background job, or customer integration.
- Vendor / contractor: temporary external access with expiry and audit.

- Methods: GET, POST
- Expires: 7 days
- IP policy: trusted only
- Audit: every call

- Production key protected: 1
- Limited access grants: Many
- Logged with owner + path: Every call
- Revoke without rotation: 1-click
Control access to the systems your teams already use.
RelayKey works with OpenAI, Anthropic, Grafana, Stripe, HR, CRM, and most REST APIs that use Bearer, Basic, header-based, query-string, or OAuth 2.0 client_credentials auth.
Engineering stays in control.
Create a protected integration once, then grant access narrowly for the person, tool, or workflow that needs it. RelayKey sits between them and the upstream API, enforcing policy before any request is forwarded.
Add the real key once
Paste your real upstream API key once. RelayKey encrypts it at rest and never echoes it back in the dashboard.
Grant access for a workflow
Choose whether access belongs to a manager, contractor, application, or AI agent. Set the methods, paths, IP policy, and lifetime.
- owner: weekly-ops-report
- methods: GET
- paths: /v1/people, /v1/groups/*
- expires: in 7d
Route through RelayKey
The workflow, agent, or teammate calls proxy.relaykey.ai with the RelayKey. RelayKey checks scope, injects the upstream secret, writes the audit row, and blocks or forwards the request.
$ curl https://proxy.relaykey.ai/conn_hibob/v1/people \
  -H "Authorization: Bearer rk_proxy_..."

Method and path allowlists, default-deny.
Every RelayKey gets an explicit list of HTTP methods and glob path patterns. Anything outside that scope returns 403 from RelayKey before the upstream call is made and shows up in the audit log. No more handing broad production keys to one-off scripts and tools.
{
  "allowed_methods": ["GET"],
  "allowed_paths": [
    "/crm/v3/objects/contacts/*",
    "/crm/v3/objects/companies/*"
  ],
  "deny_query_params": ["associations"],
  "ttl_seconds": 86400
}

Every request, attributed.
RelayKey logs the timestamp, key owner, method, path, decision, and response code for every proxied request. Filter by manager, analyst, application, agent, vendor, integration, or status. Export when you need it.
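How a default-deny grant like the one above is enforced, and what the audit row for each decision looks like, as an added Python example written for this page (not RelayKey's implementation). It takes the grant JSON shown above, canonicalizes the request path before any glob is consulted (the step that stops `..%2F` tricks from widening a path allowlist), refuses denied query parameters, and writes an audit row that carries method, path, decision and status but never the query string or body. The glob semantics (`*` spanning `/`), the reuse of 403 for an expired key, and the audit field names are assumptions.

```python
import posixpath
from fnmatch import fnmatchcase
from urllib.parse import parse_qs, unquote

# Grant copied from the page's example; field names as shown there.
POLICY = {
    "allowed_methods": ["GET"],
    "allowed_paths": [
        "/crm/v3/objects/contacts/*",
        "/crm/v3/objects/companies/*",
    ],
    "deny_query_params": ["associations"],
    "ttl_seconds": 86400,
}


def canonical_path(raw_path: str) -> str:
    """Percent-decode and collapse dot segments before any glob is consulted.

    Skipping this is the classic allowlist bypass: as a raw string,
    "/crm/v3/objects/contacts/..%2F..%2Fobjects/deals/1" satisfies the contacts
    glob, but a decoding upstream would serve /crm/v3/objects/deals/1.
    """
    path = posixpath.normpath(unquote(raw_path))
    return path if path.startswith("/") else "/" + path


def path_in_scope(path: str, policy: dict) -> bool:
    # Assumption: fnmatch semantics, so "*" also spans "/" segments.
    return any(fnmatchcase(path, pat) for pat in policy["allowed_paths"])


def evaluate(policy: dict, method: str, target: str, issued_at: float, now: float):
    """Default-deny scope check on one request. Returns (status, reason, path).

    200 means forward. 403 is the status the page gives for out-of-scope calls;
    this example reuses it for an expired key, which the page does not specify.
    """
    raw_path, _, query = target.partition("?")
    path = canonical_path(raw_path)
    if now - issued_at > policy["ttl_seconds"]:
        return 403, "key expired", path
    if method.upper() not in policy["allowed_methods"]:
        return 403, f"method {method.upper()} not allowed", path
    if not path_in_scope(path, policy):
        return 403, f"path {path} not in allowlist", path
    present = parse_qs(query, keep_blank_values=True)
    for name in policy["deny_query_params"]:
        if name in present:
            return 403, f"query param {name} denied", path
    return 200, "forwarded", path


def audit_row(owner, method, path, status, reason, source_ip, duration_ms, ts) -> dict:
    """Fields the page lists for the audit log; no query string and no body."""
    return {
        "ts": ts,
        "owner": owner,
        "method": method.upper(),
        "path": path,
        "decision": "forward" if status == 200 else "block",
        "status": status,
        "reason": reason,
        "duration_ms": duration_ms,
        "source_ip": source_ip,
    }


if __name__ == "__main__":
    now = 1_700_000_000.0
    for method, target in [
        ("GET", "/crm/v3/objects/contacts/123"),
        ("POST", "/crm/v3/objects/contacts/123"),
        ("GET", "/crm/v3/objects/contacts/123?associations=deals"),
        ("GET", "/crm/v3/objects/contacts/..%2F..%2Fobjects/deals/1"),
    ]:
        status, reason, path = evaluate(POLICY, method, target, now - 60, now)
        print(audit_row("weekly-ops-report", method, path, status, reason, "203.0.113.10", 12, now))
```

The order of checks matters less than the canonicalization step: `path_in_scope` alone would accept the `..%2F` request as a string match, which is why `evaluate` only ever sees the normalized path and why the audit row records that normalized path rather than what the caller sent.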
Stolen keys from new networks do not reach the upstream.
The first IP a key holder calls from is auto-trusted on the spot. Every new IP after that returns 423 Locked until they click a confirmation link in their inbox. A RelayKey leaked into a public repo, Slack thread, support ticket, or stolen laptop fails the second check before it can touch OpenAI, Stripe, Grafana, or your internal API.
RelayKey saw a request from a new IP for your support-agent key. The call was blocked until you confirm.
If this wasn't you, ignore this email - the request was blocked. Link expires in 24 hours.
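The trust-on-first-use IP flow described above, written out as an added Python example (not RelayKey's code): the first source IP seen for a key is trusted automatically, every other IP gets 423 plus a one-time confirmation token that expires after 24 hours, and confirming the token adds that IP to the trusted set. The class name, the tuple return shape, and the reuse of a live token for repeated attempts from the same unknown IP are assumptions; the 423 status and the 24-hour expiry come from the page.

```python
import secrets

CONFIRM_TTL_SECONDS = 24 * 3600  # the page: confirmation link expires in 24 hours


class IpTrustStore:
    """Trust-on-first-use IP policy as the page describes it (added example).

    `source_ip` must be the TCP peer address, or a forwarding header written
    only by your own load balancer. Honouring a client-supplied X-Forwarded-For
    lets a key thief simply claim the trusted address.
    """

    def __init__(self):
        self.trusted = {}  # key_id -> set of confirmed source IPs
        self.pending = {}  # key_id -> {token: (ip, expires_at)}

    def check(self, key_id: str, source_ip: str, now: float):
        """Return (status, token). 200 passes the IP check; 423 blocks the call.

        On 423 the token is what the emailed confirmation link carries. The
        blocked request is not queued: after confirmation the caller retries.
        """
        ips = self.trusted.setdefault(key_id, set())
        if not ips:  # first caller: auto-trusted on the spot
            ips.add(source_ip)
            return 200, None
        if source_ip in ips:
            return 200, None
        pending = self.pending.setdefault(key_id, {})
        # Reuse a live token for the same IP so a flood of retries from one
        # unknown address does not turn into a flood of confirmation emails.
        for token, (ip, expires_at) in pending.items():
            if ip == source_ip and now <= expires_at:
                return 423, token
        token = secrets.token_urlsafe(32)
        pending[token] = (source_ip, now + CONFIRM_TTL_SECONDS)
        return 423, token

    def confirm(self, key_id: str, token: str, now: float) -> bool:
        """Owner clicked the link: one-time, time-limited, adds the IP."""
        entry = self.pending.get(key_id, {}).pop(token, None)
        if entry is None:
            return False
        ip, expires_at = entry
        if now > expires_at:
            return False
        self.trusted.setdefault(key_id, set()).add(ip)
        return True

    def untrust(self, key_id: str, source_ip: str) -> None:
        """Drop an IP that should no longer pass, e.g. after a laptop is reported stolen."""
        self.trusted.get(key_id, set()).discard(source_ip)


if __name__ == "__main__":
    store = IpTrustStore()
    print(store.check("support-agent", "203.0.113.10", 0))   # (200, None): first IP
    status, token = store.check("support-agent", "198.51.100.7", 1)
    print(status)                                            # 423 until confirmed
    print(store.confirm("support-agent", token, 2))          # True
    print(store.check("support-agent", "198.51.100.7", 3))   # (200, None)
```

Note what this check does and does not catch: a key copied out of a public repo or a support ticket and used from a new network stops at the 423, exactly as the section says, but a key used from an already-trusted address sails through, which is why the page pairs this with revoking the specific RelayKey.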
Issue access from your own automations.
Give an AI agent or internal service a provisioner-scoped management key. It can mint short-lived RelayKeys within constraints you set, but it can never read or export the upstream key.
$ curl -X POST https://app.relaykey.ai/api/v1/delegated-credentials \
  -H "Authorization: Bearer rk_mgmt_provisioner_..." \
  -H "Content-Type: application/json" \
  -d '{
    "connection_id": "conn_a1b2c3",
    "name": "agent-run-2026-05-01",
    "allowed_methods": ["GET"],
    "allowed_paths": ["/crm/v3/objects/contacts/*"],
    "ttl_seconds": 900
  }'
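What "within constraints you set" has to mean for the request body above, as an added Python example and not RelayKey's own validation logic: a provisioner-scoped key may mint a RelayKey only if every field narrows the delegation (same connection, TTL at or under a cap, methods and path patterns a subset of what was delegated), and the minted record references the connection by id so the provisioner never touches the upstream secret. The constraint fields (`max_ttl_seconds`, the `prefix*` pattern shape), the `rk_proxy_` id format, and the record layout are assumptions.

```python
import secrets

# Constraints engineering attached to the provisioner-scoped management key
# (constructed for this example; the field names are assumptions).
PROVISIONER = {
    "connection_id": "conn_a1b2c3",
    "max_ttl_seconds": 3600,
    "allowed_methods": ["GET"],
    "allowed_paths": ["/crm/v3/objects/contacts/*", "/crm/v3/objects/companies/*"],
}


def _is_prefix_glob(pattern: str) -> bool:
    """Only `exact` or `prefix*` shapes are accepted for delegated scopes.

    With `?` or `[...]` in the delegated pattern a string comparison is no
    longer a sound subset test, so such provisioners are rejected outright.
    """
    body = pattern[:-1] if pattern.endswith("*") else pattern
    return not any(c in body for c in "*?[")


def narrows(requested: str, delegated: str) -> bool:
    """True if every path matching `requested` also matches `delegated`.

    For a `prefix*` delegation the requested pattern's first len(prefix)
    characters must be that literal prefix; any glob metacharacters it carries
    may only appear after it, so it cannot escape the delegated subtree.
    """
    if delegated.endswith("*"):
        return requested.startswith(delegated[:-1])
    return requested == delegated


def validate_mint_request(constraints: dict, req: dict):
    """Return (ok, errors): every field must narrow, never widen, the delegation."""
    bad = [p for p in constraints["allowed_paths"] if not _is_prefix_glob(p)]
    if bad:
        return False, [f"provisioner pattern {p} is not exact or prefix*" for p in bad]
    errors = []
    if req.get("connection_id") != constraints["connection_id"]:
        errors.append("connection_id not delegated to this provisioner")
    ttl = req.get("ttl_seconds")
    if not isinstance(ttl, int) or not 0 < ttl <= constraints["max_ttl_seconds"]:
        errors.append(f"ttl_seconds must be 1..{constraints['max_ttl_seconds']}")
    methods = {m.upper() for m in req.get("allowed_methods", [])}
    if not methods or methods - set(constraints["allowed_methods"]):
        errors.append("allowed_methods empty or wider than delegation")
    paths = req.get("allowed_paths", [])
    if not paths:
        errors.append("allowed_paths is empty")
    for pat in paths:
        if not any(narrows(pat, d) for d in constraints["allowed_paths"]):
            errors.append(f"path pattern {pat} exceeds delegated scope")
    return not errors, errors


def mint(constraints: dict, req: dict, now: float) -> dict:
    """Create the delegated credential record. It holds no upstream secret: the
    proxy resolves connection_id to the sealed key only at request time."""
    ok, errors = validate_mint_request(constraints, req)
    if not ok:
        raise ValueError("; ".join(errors))
    return {
        "id": "rk_proxy_" + secrets.token_urlsafe(18),  # placeholder id format
        "name": req["name"],
        "connection_id": req["connection_id"],
        "allowed_methods": sorted({m.upper() for m in req["allowed_methods"]}),
        "allowed_paths": list(req["allowed_paths"]),
        "issued_at": now,
        "expires_at": now + req["ttl_seconds"],
    }


if __name__ == "__main__":
    body = {  # the request body from the curl call above
        "connection_id": "conn_a1b2c3",
        "name": "agent-run-2026-05-01",
        "allowed_methods": ["GET"],
        "allowed_paths": ["/crm/v3/objects/contacts/*"],
        "ttl_seconds": 900,
    }
    print(mint(PROVISIONER, body, 1_700_000_000.0))
```

The deliberately narrow `prefix*` rule is the practical point: a "subset of a glob" test on arbitrary patterns is easy to get wrong, and an agent that can mint `/crm/*` under a contacts-only delegation has just escalated itself, so the provisioner's own patterns are constrained to a shape where containment is a plain string prefix check.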
Give one AI tool a scoped key.
Start with one production key and one tool. Give Cursor, Claude Code, or Codex its own scoped RelayKey, watch the audit log, and revoke it without rotating the production key.
Building agents on RelayKey? Proxy reference (auth forwarding, headers, rate limits, audit shape) · Agent setup · llms.txt · OpenAPI
