Documentation
FAQ: How do I investigate unexpected key usage? in the NexoRouter documentation.
FAQ: How do I investigate unexpected key usage?
Unexpected usage usually comes from a forgotten tool, a shared key, a leaked key, retries, or an agent loop. Start with Usage Logs and rotate the key if you cannot explain the traffic quickly.
Immediate steps
- Disable or revoke the suspected key.
- Create a new low-budget key for the known app.
- Check Usage Logs for model ID, request time, request status, IP or client clues if available, and request IDs.
- Search local config, deployment secrets, CI variables, and tool settings for the old key.
- Lower budgets on keys used by coding agents or public demos.
Common causes
- A local tool keeps retrying in the background.
- A server deployment still has the old key in environment variables.
- A key was pasted into a screenshot, issue, chat, repository, or browser app.
- Multiple tools share one key, making attribution difficult.