- 1Verify the account email before creating a live key.
- 2Create or select the intended workspace.
- 3Use the API setup wizard as guidance, not persistent provider configuration.
- 4Add the smallest exact upstream hostname you need.
- 5Create a workspace key and store its one-time value securely.
- 6Review current launch boundaries before production-like traffic.
Guides
Practical paths from first workspace to safer API traffic
Short, honest setup guidance for the controls available today—plus clear boundaries around manual invitations, provider credentials, diagnostics previews, and billing.
SetupKeysAllowlistsRolesSecurity
Guide index
Choose the next job you need to finish
- 1Create keys only from a verified account with Owner, Admin, or Developer access.
- 2Copy the key when it is issued; do not paste it into tickets or screenshots.
- 3Use separate keys for separate applications or environments.
- 4Deactivate a key immediately when its owner or deployment changes.
- 5Never forward a tp_live or tp_test key as an upstream provider credential.
- 1Prefer an exact host such as api.example.com.
- 2Use *.example.com only when one subdomain level genuinely varies.
- 3Do not enter URLs, paths, query strings, credentials, ports, or public suffixes.
- 4Do not attempt to approve localhost, private ranges, metadata targets, or internal-only names.
- 5Re-sync workspace configuration after reviewed changes.
- 1Owner controls workspace lifecycle, privileged roles, and billing.
- 2Admin manages technical setup and standard members, but not billing or Owners.
- 3Developer manages technical configuration without members or billing.
- 4Billing receives narrow billing and usage access.
- 5Viewer receives dashboard and usage-safe access without mutations.
05 · Manual invitations
Share one-time invitation links through a recipient-specific channel
Contact support- 1Invite the exact email the recipient has verified.
- 2Copy the transient link only from the immediate create or reissue response.
- 3Do not save links in shared tickets, screenshots, analytics, or chat history.
- 4Tell the recipient to use a separate browser profile for the invited account.
- 5Revoke an unused link or reissue it when delivery is uncertain.
06 · Plan activation and billing
Plan activation is team-assisted and no self-serve charge is made
Request plan activation- 1Public plan prices describe the intended market-entry ladder.
- 2Growth and Scale checkout is available to authorized workspace billing roles; Starter and Enterprise remain reviewed.
- 3Automated usage synchronization is not enabled yet.
- 4Owner or Billing members can request plan activation.
- 5Do not provide payment credentials through email.
- 1Separate workspaces and keys by environment or trust boundary.
- 2Approve only the exact upstream hosts each workload needs.
- 3Keep ThrottleProxy credentials separate from provider credentials.
- 4Use correlation identifiers and sanitized activity instead of raw bodies or secrets.
- 5Suspend access and rotate keys promptly when a teammate or deployment changes.
Customer support
Need help choosing the safest setup?
Support is handled by our team. Send context without keys, credentials, invitation links, or sensitive request bodies.