LockLLM

Dashboard Guide

Manage API keys, view activity logs, configure webhooks, and monitor security events from the LockLLM dashboard.

Link to section: Dashboard OverviewDashboard Overview

The LockLLM dashboard is your central hub for managing API keys, viewing activity logs, configuring webhooks, and monitoring security events. Access it at https://www.lockllm.com.

Main sections:

  • API Keys - Create and manage LockLLM API keys
  • Proxy Settings - Add provider API keys for proxy mode
  • Activity Logs - View scan history and security events
  • Webhooks - Configure real-time notifications

Link to section: Managing LockLLM API KeysManaging LockLLM API Keys

Link to section: Creating an API KeyCreating an API Key

  1. Navigate to API Keys
  2. Click Create New API Key
  3. Enter a descriptive name (e.g., "Production API", "Development")
  4. Click Create
  5. Copy the key immediately - you won't be able to see it again
  6. Store it securely in your environment variables

Link to section: Viewing API KeysViewing API Keys

See all your API keys:

  • Key name
  • Created date
  • Last used timestamp
  • Partial key (last 4 characters for identification)

Note: Full API keys are never displayed after creation for security.

Link to section: Revoking API KeysRevoking API Keys

Delete API keys you no longer need:

  1. Find the key in your list
  2. Click Delete or Revoke
  3. Confirm deletion
  4. The key stops working immediately

Important: Deleted keys cannot be recovered. Create a new key if needed.

Link to section: Managing Provider API Keys (Proxy Mode)Managing Provider API Keys (Proxy Mode)

Link to section: Adding Provider KeysAdding Provider Keys

  1. Navigate to Proxy Settings
  2. Click Add Provider API Key
  3. Select your provider (OpenAI, Anthropic, Gemini, etc.)
  4. Enter your provider's API key
  5. Add a nickname (optional, helpful for multiple keys)
  6. For Azure: Enter endpoint URL, deployment name, API version
  7. Click Save

Your provider API key is securely stored.

Link to section: Viewing Provider KeysViewing Provider Keys

See all configured provider keys:

  • Provider name and logo
  • Nickname
  • Endpoint URL (for Azure/custom endpoints)
  • Last used timestamp
  • Enable/disable toggle
  • Delete option

Link to section: Enable/Disable Provider KeysEnable/Disable Provider Keys

Temporarily disable keys without deleting:

  1. Find your key in Proxy Settings
  2. Click the toggle switch
  3. Disabled keys won't be used for proxy requests

Useful for:

  • Testing different keys
  • Key rotation
  • Temporary disabling without losing configuration

Link to section: Deleting Provider KeysDeleting Provider Keys

Permanently remove provider keys:

  1. Find the key in Proxy Settings
  2. Click Delete
  3. Confirm deletion
  4. The key is permanently removed

Link to section: Viewing Activity LogsViewing Activity Logs

Link to section: Accessing LogsAccessing Logs

Navigate to Activity Logs to see all your scan history:

  • Direct API scans (/v1/scan)
  • Proxy mode requests
  • Webhook deliveries

Link to section: Log InformationLog Information

Each log entry shows:

  • Timestamp - When the scan occurred
  • Type - Scan API, Proxy Request, or Webhook Delivery
  • Status - Success, Failure, or Error
  • Scan Result - Safe/malicious with confidence score
  • Provider (proxy only) - Which LLM provider was used
  • Model (proxy only) - Which model was called
  • Request ID - Unique identifier for tracking

Privacy: Logs contain metadata only. Your prompts are never stored or logged.

Link to section: Filtering LogsFiltering Logs

Filter logs to find specific events:

  • By Type: Scans, Webhooks, Proxy Requests
  • By Status: Success, Failure, Error
  • By Date Range: Start and end dates
  • By Search: Search by request ID or webhook URL

Link to section: Understanding Scan ResultsUnderstanding Scan Results

Each scan result shows:

  • Safe/Malicious - Overall determination
  • Label - 0 (safe) or 1 (malicious)
  • Confidence - How confident the model is (0.0 to 1.0)
  • Injection Score - Likelihood of prompt injection (0.0 to 1.0)
  • Sensitivity - Detection level used (low/medium/high)

Example:

Confidence: 0.95 (95%)
Injection: 0.95
Sensitivity: medium

This indicates a very likely prompt injection detected with medium sensitivity.

Link to section: Viewing Log DetailsViewing Log Details

Click on any log entry to see full details:

  • Complete scan results
  • Request metadata
  • Prompt length (characters)
  • Response time
  • Error messages (if any)

Link to section: Log RetentionLog Retention

Logs are retained for 30 days then automatically deleted. This helps maintain your privacy while providing audit trails for recent activity.

Link to section: Exporting LogsExporting Logs

Currently, logs can be viewed in the dashboard. Export functionality is coming soon. For now, use the filters to find specific events and manually record important incidents.

Link to section: Setting Up WebhooksSetting Up Webhooks

Link to section: Creating WebhooksCreating Webhooks

  1. Navigate to Webhooks
  2. Click Add Webhook
  3. Enter your webhook URL (must be HTTPS)
  4. Select format:
    • Raw JSON - Complete data for custom processing
    • Slack - Pre-formatted for Slack incoming webhooks
    • Discord - Pre-formatted for Discord webhooks
  5. Optionally add a secret for signature verification
  6. Optionally add a custom message
  7. Click Save

Learn more about Webhooks

Link to section: Testing WebhooksTesting Webhooks

Test webhook delivery before using in production:

  1. Find your webhook in the list
  2. Click Test
  3. LockLLM sends a test payload to your URL
  4. Check your endpoint receives the payload
  5. Verify it responds with 200 OK

Link to section: Managing WebhooksManaging Webhooks

View all configured webhooks:

  • Webhook URL
  • Format (Raw/Slack/Discord)
  • Enabled status
  • Created date

Actions:

  • Edit - Update URL, format, or secret
  • Test - Send test payload
  • Enable/Disable - Toggle without deleting
  • Delete - Permanently remove

Link to section: Dashboard NavigationDashboard Navigation

Link to section: Quick AccessQuick Access

Top navigation provides quick access to:

  • Dashboard Home - Overview and recent activity
  • API Keys - Manage LockLLM API keys
  • Proxy Settings - Configure provider keys
  • Webhooks - Set up notifications
  • Activity Logs - View scan history
  • Documentation - Access help docs
  • Account Settings - Manage your profile

Link to section: Recent ActivityRecent Activity

The dashboard home shows:

  • Recent scans (last 10)
  • Blocked requests count (last 24 hours)
  • Total scans (all time)
  • Active webhooks count
  • Recent security events

Link to section: NotificationsNotifications

Inapp notifications appear for:

  • New blocked requests (high confidence)
  • Webhook delivery failures
  • API key usage milestones
  • System updates

Link to section: Account SettingsAccount Settings

Link to section: Profile InformationProfile Information

Update your account details:

  • Name
  • Email address
  • Password (change)

Link to section: Security SettingsSecurity Settings

Manage account security:

  • Two-factor authentication (2FA)
  • Active sessions
  • Login history

Link to section: Billing (Future)Billing (Future)

Currently, LockLLM is completely free with unlimited usage. Billing features are not yet available.

Link to section: Tips & TricksTips & Tricks

Link to section: Organizing API KeysOrganizing API Keys

Use descriptive names for easy identification:

  • "Production API - Main App"
  • "Development - Local Testing"
  • "CI/CD Pipeline"
  • Avoid: "Key 1", "Test", "New Key"

Link to section: Monitoring Security EventsMonitoring Security Events

Check your logs regularly for:

  • Unusual patterns in blocked requests
  • Sudden increases in malicious prompts
  • Failed webhook deliveries
  • Error trends

Link to section: Using Request IDsUsing Request IDs

Request IDs help you:

  • Trace requests from logs to your application
  • Debug issues with specific scans
  • Correlate webhook events with API calls
  • Provide support with specific examples

Copy the request_id from logs and search for it in your application logs.

Link to section: Provider Key ManagementProvider Key Management

Best practices for provider keys:

  • Use different keys for different environments
  • Add nicknames for easy identification
  • Rotate keys regularly (every 90 days)
  • Disable unused keys instead of deleting
  • Test new keys before using in production

Link to section: TroubleshootingTroubleshooting

Link to section: Can't Create API KeyCan't Create API Key

Problem: Create button doesn't work or returns an error.

Solution:

  1. Refresh the page
  2. Check browser console for errors
  3. Try a different browser
  4. Clear browser cache
  5. Contact support if issue persists

Link to section: Provider Key Not WorkingProvider Key Not Working

Problem: Proxy requests fail after adding provider key.

Solution:

  1. Verify the key is enabled (not disabled)
  2. Check the key is valid in your provider dashboard
  3. For Azure: Verify endpoint URL and deployment name
  4. Test the key directly with the provider first
  5. Check activity logs for specific error messages

Link to section: Logs Not ShowingLogs Not Showing

Problem: Activity logs appear empty or incomplete.

Solution:

  1. Check filter settings (remove all filters)
  2. Adjust date range to include recent activity
  3. Verify you're making API requests with your API key
  4. Check request authentication is correct
  5. Logs may take a few seconds to appear

Link to section: Webhook Not Receiving EventsWebhook Not Receiving Events

Problem: No webhooks being delivered.

Solution:

  1. Verify webhook is enabled (not disabled)
  2. Test the webhook from the dashboard
  3. Check your endpoint is publicly accessible (HTTPS)
  4. Verify your endpoint returns 200 OK
  5. Check activity logs for webhook delivery attempts
  6. Review webhook delivery errors in logs

Link to section: FAQFAQ

Link to section: How do I create an API key?How do I create an API key?

Navigate to API Keys → Click Create New API Key → Enter a name → Click Create → Copy the key immediately (you won't see it again).

Link to section: Where can I see my scan history?Where can I see my scan history?

Go to Activity Logs to view all your scans, including direct API scans and proxy requests. Logs include scan results, timestamps, providers, and models used.

Link to section: How long are logs retained?How long are logs retained?

Logs are retained for 30 days then automatically deleted. This provides a reasonable audit trail while respecting your privacy.

Link to section: Can I export my logs?Can I export my logs?

Export functionality is coming soon. For now, you can view and filter logs in the dashboard. Use filters to find specific events you need to record.

Link to section: What information is logged?What information is logged?

Only metadata is logged:

  • Request ID
  • Timestamp
  • Scan results (scores only)
  • Provider and model (proxy mode)
  • Prompt length (character count)
  • Status (success/error)

Your prompts are never stored or logged. We take your privacy seriously.

Link to section: How do I add a provider API key for proxy mode?How do I add a provider API key for proxy mode?

Go to Proxy Settings → Click Add Provider API Key → Select provider → Enter API key → Add nickname (optional) → Click Save. Your key is securely stored.

Link to section: Can I have multiple keys for the same provider?Can I have multiple keys for the same provider?

Yes! Add multiple keys with different nicknames (e.g., "Production" and "Development"). Useful for testing, key rotation, and multi-environment setups.

Link to section: What does "Last Used" mean?What does "Last Used" mean?

The "Last Used" timestamp shows the most recent time your API key or provider key was used to make a request. Helpful for identifying unused keys and monitoring activity.

Updated 2 days ago