Skip to main content
Meterlane API keys authenticate your calls to the management API — the programmatic interface for creating routes, querying corridor quotes, listing payments, and managing your org’s configuration. Every key is scoped to your entire org, which means it covers all routes, corridors, and management operations under that org in a single credential.
API keys are not used to make x402 agent payments. Agent payment clients sign transactions with a wallet private key (your AGENT_PRIVATE_KEY). Keep the two credential types clearly separated in your implementation.

Key format

Every Meterlane API key begins with the prefix bp_live_ followed by 48 hexadecimal characters, for example: 
bp_live_a3f2c91d0e4b7823...
The full raw key is displayed exactly once at creation time in the dashboard. Meterlane stores only the first 16 characters (prefix) and a SHA-256 hash — it cannot show you the full key again. Copy the key immediately and store it in a secrets manager or environment variable.

Creating an API key

1

Open API Keys settings

In the dashboard sidebar, navigate to Settings → API Keys.
2

Generate a new key

Click Create API Key, enter a descriptive name (for example, production-worker or ci-pipeline), and confirm.
3

Copy the key immediately

The full bp_live_… key is shown only once. Copy it now and save it in your secrets manager. Once you close this dialog, the full key is gone from the dashboard.

Using an API key in requests

Pass your API key as a Bearer token in the Authorization header of every management API request: 
curl https://gateway.meterlane.app/api/routes \
  -H "Authorization: Bearer bp_live_a3f2c91d0e4b7823..."
The same header format applies to all management API endpoints, including corridor quotes and payment history: 
curl https://corridor.meterlane.app/corridors \
  -H "Authorization: Bearer bp_live_a3f2c91d0e4b7823..." \
  -H "Content-Type: application/json"

Reading keys from the environment

Never hard-code your API key in source code. Load it from an environment variable at runtime: 
const apiKey = process.env.METERLANE_API_KEY;

const response = await fetch("https://gateway.meterlane.app/api/routes", {
  headers: {
    Authorization: `Bearer ${apiKey}`,
    "Content-Type": "application/json",
  },
});

import os
import requests

api_key = os.environ["METERLANE_API_KEY"]

response = requests.get(
    "https://gateway.meterlane.app/api/routes",
    headers={"Authorization": f"Bearer {api_key}"},
)

Revoking a compromised key

If you suspect a key has been exposed, revoke it immediately:
1

Navigate to API Keys

Go to Settings → API Keys in the dashboard.
2

Revoke the key

Find the key by its name or prefix, click the Revoke button, and confirm. Revocation takes effect immediately — any in-flight requests using that key will receive a 401 Unauthorized response.
3

Issue a replacement

Create a new API key and update your environment variables or secrets manager with the new value.
Treat your API key like a password. Never commit it to source control, expose it in client-side JavaScript, or log it to your application logs. Only the first 16 characters of a key (the prefix) are safe to include in log output.

API keys vs. agent private keys

These two credential types serve different purposes and must never be confused:
CredentialFormatPurpose
Management API keybp_live_…Authenticates calls to the Meterlane management API (routes, corridors, billing)
Agent private keyECDSA private key (hex)Signs x402 X-PAYMENT headers so an AI agent can pay per-request in USDC
Your agent’s private key is never stored in or managed by the Meterlane dashboard. It lives in your deployment environment as AGENT_PRIVATE_KEY and is used exclusively by the x402 payment client. See the Security page for safe handling practices.