A privacy-first tool to validate LLM API keys instantly — client-side, no server, no logging.
If this project helps your work, support ongoing maintenance and new features.
ETH Donation Wallet
0x11282eE5726B3370c8B480e321b3B2aA13686582
Scan the QR code or copy the wallet address above.
- Zero friction: Paste keys → click button → get results
- Multi-vendor support: OpenAI, Anthropic, Google Gemini, Groq, Perplexity, HuggingFace, Replicate, and more
- Privacy-first: All checks run client-side in your browser
- Detailed results: View models, latency, rate limits, and error messages
- Dark mode: Built-in theme toggle
- API Access: Use via curl or any HTTP client
- CLI Tool: Command-line interface for automation and scripting
CheckAPIs can be used programmatically via HTTP API:
# Check single key
curl -X POST https://checkapis.pages.dev/api/check \
-H "Content-Type: application/json" \
-d '{"keys": ["sk-proj-..."]}'
# Check multiple keys
curl -X POST https://checkapis.pages.dev/api/check \
-H "Content-Type: application/json" \
-d '{"keys": ["sk-proj-...", "sk-ant-api03-...", "AIzaSy..."]}'Response:
{
"success": true,
"count": 1,
"results": [
{
"key": "sk-proj-...",
"provider": "openai",
"valid": true,
"models": ["gpt-4", "gpt-3.5-turbo"],
"latency": 245,
"rateLimit": "5000"
}
]
}Rate Limiting: 20 requests per minute per IP. See docs/API.md for full documentation.
# Install and build
npm run build:cli
# Validate keys
node dist/cli/cli/index.js sk-proj-...
node dist/cli/cli/index.js -f keys.txt
cat keys.txt | node dist/cli/cli/index.js --jsonSee docs/CLI.md for full CLI documentation.
- OpenAI
- Anthropic (Claude)
- Google Gemini
- Groq
- Perplexity
- HuggingFace
- Replicate
- Together AI
- Cohere
- Mistral
- AWS Bedrock (detection only)
- Azure OpenAI (detection only)
npm install
npm run devnpm run buildStatic files will be generated in the out directory.
- Build the project:
npm run build - Go to Cloudflare Pages
- Create a new project
- Upload the
outdirectory
npm install -g wrangler
wrangler pages deploy out --project-name=checkapiOr use the deployment script:
./scripts/deploy.shConnect your GitHub repository to Cloudflare Pages. The build settings:
- Build command:
npm run build - Build output directory:
out - Root directory:
/
See docs/DEPLOYMENT.md for detailed instructions.
- All API key validation happens in your browser
- Keys are never sent to any proxy server
- Keys are never logged or stored
- Displayed keys are always truncated (first 8 characters only)
CheckAPI is optimized for both traditional search engines and AI-powered search (ChatGPT, Claude, Perplexity):
- Structured Data: JSON-LD schema with FAQPage, WebApplication, and Organization markup
- LLM Optimization: llms.txt file for direct AI crawler access
- AI Crawler Permissions: Explicit allowances for GPTBot, Claude-Web, PerplexityBot
- Open Graph: Dynamic social sharing images
- Sitemap & Robots: Optimized for crawl efficiency
See docs/SEO.md for full documentation.
- Next.js 16 (App Router)
- TypeScript
- Tailwind CSS
- Lucide React (icons)
- Static export for Cloudflare Pages
├── app/ # Next.js app router pages
├── cli/ # CLI tool
│ ├── index.ts # CLI entry point
│ └── tsconfig.json # CLI TypeScript config
├── components/ # React components
├── docs/ # Documentation
│ ├── API.md # API documentation
│ ├── CLI.md # CLI documentation
│ ├── DEPLOYMENT.md
│ ├── RATE_LIMITING.md
│ └── roadmap.md
├── functions/ # Cloudflare Pages Functions
│ └── api/
│ └── check.js # API endpoint with rate limiting
├── lib/ # Utility functions
│ ├── cli.ts # Node-compatible exports
│ └── index.ts # Browser exports
├── public/ # Static assets
├── scripts/ # Deployment and utility scripts
├── tests/ # Test scripts
└── wrangler.toml # Cloudflare configuration
MIT
Explore more privacy-first and security tools:
- Timeseal - Time-locked encryption vault with Dead Man's Switch. AES-256 split-key crypto, ephemeral seals.
- Sanctum - Zero-trust encrypted vault with cryptographic plausible deniability. XChaCha20-Poly1305, Argon2id.
- GhostChat - True P2P encrypted chat via WebRTC. No servers, no storage, self-destructing messages.
- xmrproof - Monero payment verification, 100% client-side.
- BurpAPISecuritySuite - Burp Suite extension for API security testing. 15 attack types, 108+ payloads, BOLA/IDOR detection.
- Mcpwn - Automated security scanner for Model Context Protocol servers. Detects RCE, path traversal, prompt injection.
- SeekYou - OSINT tool for IP/domain/ASN reconnaissance.
- DiffCatcher - Git repo discovery, diff capture, code element extraction.
- burp-mcp-server - MCP server for Burp Suite Professional. Vulnerability scanning via AI assistants.
- nuclei-mcp - MCP server for Nuclei. Multi-target scanning, severity filtering.
- nmap-mcp - MCP server for Nmap. Stealth recon, vuln/NSE scanning.
- frida-mcp - MCP server for Frida. Dynamic instrumentation, SSL pinning bypass.
- 🔒 Privacy-First Development - P2P applications, encrypted communication, zero-knowledge systems
- 🚀 Web Application Development - Full-stack development with Next.js, React, TypeScript
- 🔧 WebRTC Solutions - Real-time communication, video/audio streaming, data channels
- 🛡️ Security Tool Development - Burp extensions, penetration testing tools, automation frameworks
- 🤖 AI Integration - LLM-powered applications, intelligent automation, custom AI solutions
Get in Touch: teycirbensoltane.tn | Available for freelance projects and consulting
Built with 💚 by Teycir Ben Soltane