Customer keys

Give a customer its own BYOK provider key

A customer key is a customer’s own bring-your-own-key (BYOK) provider credential. When set, it overrides your organization’s key for that vendor on that customer’s requests. Resolution for a vendor is: the customer’s own key if they have one, else your org’s key, else Merge-managed credentials.

Path: /v1/customers/{customer_id}/keys. A GET lists the customer’s usable key per vendor; vendors without a usable key under the customer’s key mode are omitted. A POST adds a customer key, overriding that vendor to CUSTOMER.

Fields

FieldDescriptionType
idMerge UUIDstring
vendorProvider slug, e.g. openaistring
key_ownershipThe resolved key’s owner: CUSTOMER, ORGANIZATION, or MERGEenum
created_at, modified_atTimestampsdatetime

Add a provider key

Pass the vendor as its slug (openai, anthropic), not its display name. Sending a display name that isn’t a known slug returns 400.

cURL
$curl -X POST https://api-gateway.merge.dev/v1/customers/{customer_id}/keys \
> -H "Authorization: Bearer mg_<your_production_key>" \
> -H "Content-Type: application/json" \
> -d '{ "vendor": "openai", "api_key": "sk-..." }'