All Products
Search
Document Center

Alibaba Cloud Model Studio:Generate a temporary API key

Last Updated:Jun 04, 2026

To call model services from untrusted environments such as browsers and mobile apps, use a secure backend service to generate temporary API keys. This prevents your permanent API key from being exposed.

Important

A temporary API key inherits all permissions from the API key used to create it, including access restrictions for specific models or knowledge bases.

Prerequisites

Get a permanent API key on the Key Management (Singapore), Key Management (Virginia), Key Management (Beijing), or Key Management (China (Hong Kong)) page. Then set the key as the DASHSCOPE_API_KEY environment variable. For more information, see Configure an API key as an environment variable.

Request example

By default, a temporary API key is valid for 60 seconds. Set a custom time-to-live (TTL) between 1 and 1,800 seconds using the expire_in_seconds parameter.

API keys differ by region.
The following example uses the Singapore region endpoint. Replace WorkspaceId with your actual workspace ID. For the Beijing region, replace the URL with: https://dashscope.aliyuncs.com/api/v1/tokens?expire_in_seconds=1800
# This is the Singapore region URL. Replace WorkspaceId with your actual workspace ID. URLs differ by region.
curl -X POST "https://{WorkspaceId}.ap-southeast-1.maas.aliyuncs.com/api/v1/tokens?expire_in_seconds=1800" \
-H "Authorization: Bearer $DASHSCOPE_API_KEY"

Response example

Successful response example

{  
    "token":"st-****",
    "expires_at":1744080369
}

Response parameters

Parameter

Type

Description

Example

token

String

Generated temporary API key.

st-****

expires_at

Number

Expiration time as a UNIX timestamp, in seconds.

1744080369

Error response example

{  
    "code":"InvalidApiKey",
    "message":"Invalid API-key provided.",
    "request_id":"902fee3b-f7f0-9a8c-96a1-6b4ea25af114"
}

Response parameters

Parameter

Type

Description

Example

code

String

Error code. For causes and solutions, see Error codes.

InvalidApiKey: The API key is invalid.

message

String

Error message.

Invalid API-key provided.

request_id

String

Request ID.

902fee3b-f7f0-9a8c-96a1-6b4ea25af114

FAQ

Q: Can I manually delete a temporary API key?

A: No. Temporary API keys have a fixed lifecycle and expire automatically. You cannot delete them before they expire.