All Products
Search

This Product

    Alibaba Cloud Model Studio:Generate a temporary API key

    Document Center

    Alibaba Cloud Model Studio:Generate a temporary API key

    Last Updated:Mar 18, 2026

    To call model services from untrusted environments, such as browsers and mobile apps, use a secure backend service to generate temporary API keys. This prevents your permanent API key from being exposed.

    Important

    A temporary API key inherits all permissions from the API key that creates it, including access restrictions for specific models or knowledge bases.

    Prerequisites

    Get a permanent API key on the Key Management (Singapore), Key Management (Virginia), Key Management (Beijing), or Key Management (China (Hong Kong)) page. Then, set the key as the DASHSCOPE_API_KEY environment variable. For more information, see Configure an API key as an environment variable.

    Request example

    By default, a temporary API key is valid for 60 seconds. You can set a custom time-to-live (TTL) between 1 and 1,800 seconds.

    API keys differ by region.
    The following URL is for the Singapore region. To use a model in the Beijing region, replace the URL with: https://dashscope.aliyuncs.com/api/v1/tokens?expire_in_seconds=1800
    curl -X POST "https://dashscope-intl.aliyuncs.com/api/v1/tokens?expire_in_seconds=1800" \
-H "Authorization: Bearer $DASHSCOPE_API_KEY"

    Response example

    Successful response example

    {  
    "token":"st-****",
    "expires_at":1744080369
}

    Response parameters

    Parameter

    Type

    Description

    Example

    token

    String

    Generated temporary API key.

    st-****

    expires_at

    Number

    Expiration time in UNIX timestamp (seconds).

    1744080369

    Error response example

    {  
    "code":"InvalidApiKey",
    "message":"Invalid API-key provided.",
    "request_id":"902fee3b-f7f0-9a8c-96a1-6b4ea25af114"
}

    Response parameters

    Parameter Name

    Type

    Description

    Example

    code

    String

    Error code.

    For more information about causes and solutions, see Error messages.

    InvalidApiKey: The API key is invalid.

    message

    String

    Error message.

    Invalid API-key provided.

    request_id

    String

    Request ID.

    902fee3b-f7f0-9a8c-96a1-6b4ea25af114

    FAQ

    Q: Can I manually delete a created temporary API key?

    A: No. A temporary API key has a fixed lifecycle and automatically expires.