# RelayKey

Hosted API key safety layer. Clients add their master API key once; RelayKey issues
temporary, scoped, revocable proxy credentials so vendors and AI agents never see
the master key.

## Docs
- [Quickstart](https://relaykey.ai/docs)
- [Security model](https://relaykey.ai/security)
- [OpenAPI spec](https://relaykey.ai/api/openapi.yaml)
- [llms-full.txt](https://relaykey.ai/llms-full.txt)
- [AGENTS.md](https://relaykey.ai/agents)

## API
- POST https://app.relaykey.ai/api/v1/import — bulk-import a .env file, returns proxy URLs + tokens + ready-to-paste SDK snippets
- POST https://app.relaykey.ai/api/v1/connections — create a single connection
- POST https://app.relaykey.ai/api/v1/delegated-credentials — issue a scoped credential
- PATCH https://app.relaykey.ai/api/v1/delegated-credentials/{id} — widen scope
- POST https://app.relaykey.ai/api/v1/delegated-credentials/{id}/revoke

## Migrating a codebase to RelayKey
1. grep .env / .env.local for API keys
2. POST those keys to /api/v1/import (see https://relaykey.ai/agents)
3. Apply the SDK snippets the response provides (per-language, per-SDK)
4. curl https://proxy.relaykey.ai/conn_xxx/{path} to verify