Trust

MetisRouter Security

Security guidance for teams using MetisRouter API keys, request logs, billing controls, and production workflows.

Last verified: 2026-06-05

Security practices

MetisRouter users should keep API keys scoped, rotated, and separated by app or workflow when practical.

  • Store API keys in server-side secrets, not public clients.
  • Use separate API keys for customers, environments, or workflows.
  • Share request IDs, not API keys, when contacting support.

Operational visibility

Usage Logs provide request IDs, model IDs, endpoint types, latency, usage, and charged amount for debugging and audit workflows.

  • Review failed requests before retrying.
  • Use bounded output limits to control spend.
  • Email support@metisrouter.com for security-sensitive support issues.

API key and account safety

Treat MetisRouter API keys like production infrastructure secrets. Keys should live in server-side secret stores, CI/CD secret managers, backend environment variables, or trusted automation platforms, not in browser code, public repositories, screenshots, or shared customer-facing documents.

  • Create separate keys for production, staging, local testing, customers, agencies, and high-risk automation workflows.
  • Rotate any key that appears in logs, screenshots, commits, chat transcripts, or third-party tools you no longer control.
  • When asking for support, share request IDs, model IDs, timestamps, and endpoint paths instead of API key values.

Billing and abuse controls

Security and billing are connected for AI APIs because one leaked key can create real model spend. MetisRouter uses published model pricing, minimum balance rules, request reserve behavior, and usage records to help teams understand exposure before and after traffic reaches an upstream model.

  • Set bounded max_tokens, max_completion_tokens, or max_output_tokens values for long text and agent tasks.
  • Review generated asset counts, audio duration, video seconds, and parameter branches for multimodal requests.
  • Investigate unusual charged USD, latency, or endpoint patterns quickly with Usage Logs.

Support escalation for security issues

Security-sensitive support requests should include enough context to investigate without exposing secrets. If you suspect account compromise, key exposure, abnormal usage, or billing abuse, mark the message urgent and include the affected account email, API key name, first observed time, and representative request IDs.

  • Use support@metisrouter.com for urgent account, key, and security-sensitive API issues.
  • Use hello@metisrouter.com for high-volume account planning, procurement, and commercial usage discussions.
  • Do not send prompts, files, or user data unless they are necessary for the investigation and appropriate to share.

FAQ

Where should support requests go?

Email support@metisrouter.com with request IDs and account context.

Where should high-volume usage requests go?

Use the High-volume sales inquiry contact for high-volume usage and commercial account questions.