Documentation

FAQ: How do I investigate unexpected key usage? in the NexoRouter documentation.

FAQ: How do I investigate unexpected key usage?

Unexpected usage usually comes from a forgotten tool, a shared key, a leaked key, retries, or an agent loop. Start with Usage Logs and rotate the key if you cannot explain the traffic quickly.

Immediate steps

  1. Disable or revoke the suspected key.
  2. Create a new low-budget key for the known app.
  3. Check Usage Logs for model ID, request time, request status, IP or client clues if available, and request IDs.
  4. Search local config, deployment secrets, CI variables, and tool settings for the old key.
  5. Lower budgets on keys used by coding agents or public demos.

Common causes

  • A local tool keeps retrying in the background.
  • A server deployment still has the old key in environment variables.
  • A key was pasted into a screenshot, issue, chat, repository, or browser app.
  • Multiple tools share one key, making attribution difficult.
FAQ: How do I investigate unexpected key usage? — NexoRouter