Published February 20, 2026

How to Get a Mistral AI API Key — and Connect It to Your Product

February 20, 2026

Updated May 2026

Mistral AI is a European LLM provider offering a range of models from cost-efficient small models to frontier multimodal flagships. If you're building an AI-native SaaS product, internal assistant, or agent system, you'll need a Mistral API key.

This guide covers:

Creating your Mistral account
Generating and securing your API key
Setting up billing
Testing your first API call
Using Mistral through Unified's Generative AI API
Connecting Mistral to SaaS platforms via [Unified MCP](/mcp)

Step 1: Create or Log In to Your Mistral Account

Go to https://console.mistral.ai and sign in or create a new account. You can register with email, Google, Microsoft, or Apple SSO.

On first login you'll be asked to:

Name your organization/workspace
Accept the Terms of Service and Privacy Policy

Workspaces scope billing, rate limits, and resource usage. Use names that match environments — dev, staging, prod — so you can manage keys and limits separately per environment.

Step 2: Activate a Plan

In the console, go to Subscriptions or Billing in the left sidebar.

Choose a plan:

Experiment (free) — for evaluation and prototyping. No credit card required, but phone verification is needed to activate API access. All models are accessible. Rate limits are conservative and not suitable for production workloads.

Scale (paid) — for production use. Unlocks higher rate limits and automatic tier upgrades as your cumulative spend increases.

For most developers testing the API, start with the Experiment plan. Upgrade to Scale before going to production.

Step 3: Create Your API Key

In the console, navigate to API Keys in the left sidebar, or go directly to https://console.mistral.ai/api-keys.

Click Create new key and configure:

Name: descriptive, like prod-backend, staging-worker, or dev-testing
Expiration date: optional but recommended. If set, the key automatically stops working after that date — useful for enforcing rotation without manual intervention. If not set, the key remains valid until you manually revoke it.

Confirm by clicking Create new key.

The full key is displayed once. Copy it immediately — Mistral does not store the secret value. If you close the dialog without copying, you'll need to revoke and regenerate.

Key format: Mistral API keys are opaque secret tokens with no standardized prefix — they don't start with sk- or any identifiable pattern. Store them in a password manager or secrets vault, not in source code or plain text files.

Step 4: Store Your Key Securely

# macOS / Linux
export MISTRAL_API_KEY="your_key_here"

# Windows PowerShell
$env:MISTRAL_API_KEY = "your_key_here"

The official Mistral SDK reads MISTRAL_API_KEY automatically.

Never:

Commit keys to Git, even private repos
Embed them in client-side code
Share them in logs, screenshots, or Slack

For production: use a secrets manager — AWS Secrets Manager, GCP Secret Manager, or HashiCorp Vault.

Step 5: Test Your API Key

Mistral uses standard Authorization: Bearer authentication:

curl https://api.mistral.ai/v1/chat/completions \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $MISTRAL_API_KEY" \
  -d '{
    "model": "mistral-small-4",
    "messages": [
      {"role": "user", "content": "Explain what an API key is in two sentences."}
    ]
  }'

A successful response returns the model output in JSON. If the request fails, check the troubleshooting section below.

Important: avoid -latest aliases in production code. Mistral has deprecated generic aliases like mistral-large-latest in favor of explicit versioned model IDs. Use specific model strings from the table below or verify current IDs via GET https://api.mistral.ai/v1/models.

Which Mistral Model Should You Use?

Current model lineup as of May 2026. Verify exact model strings via GET /v1/models before shipping — Mistral updates naming conventions frequently and -latest aliases are deprecated.

General purpose models:

Model	API string	Input / 1M	Output / 1M	Best for
Mistral Medium 3.5	`mistral-medium-3.5`	$1.50	$7.50	Frontier multimodal, agentic tasks. Most capable current model.
Mistral Large 3	`mistral-large-3-2512`	$0.50	$1.50	High-quality general purpose. Strong at reasoning and coding.
Mistral Small 4	`mistral-small-4`	$0.15	$0.60	Balanced hybrid model. Good cost-to-quality ratio for most workloads.
Ministral 3 14B	`ministral-3-14b-2512`	$0.20	$0.20	Multimodal small model. Edge-friendly.
Ministral 3 8B	`ministral-3-8b-2512`	$0.15	$0.15	Smaller variant of Ministral 3.
Mistral Nemo 12B	`mistral-nemo-12b`	$0.02	$0.03	Cheapest general model. Multilingual.
Specialist models:

Model	API string	Input / 1M	Output / 1M	Best for
Devstral 2	`devstral-2-2512`	$0.40	$2.00	Frontier code agents.
Codestral	`codestral-2508`	$0.30	$0.90	Code completion.
Mistral Embed	`mistral-embed`	—	—	Text embeddings.
Prices per million tokens as of May 2026. Verify at `mistral.ai/pricing` before production budget planning.

Recommended default for new integrations: mistral-small-4 for most workloads. Use mistral-medium-3.5 for agentic and multimodal tasks where quality matters most. Use mistral-nemo-12b for high-volume, cost-sensitive workloads.

Deprecated — avoid in new code:

mistral-large-latest — deprecated alias, replaced by explicit versioned IDs
mistral-large (unversioned) — deprecated
mistral-medium (unversioned) — deprecated
magistral-* family — legacy
devstral-small-* earlier versions — legacy

Is the Mistral API Free?

Yes, with significant limits. Mistral offers a free Experiment plan for evaluation and prototyping.

What the Experiment plan includes:

All models accessible (including Large, Medium, Codestral, vision models)
No credit card required — phone verification only
Conservative org-level rate limits (~2 RPM, ~500K TPM, ~1B tokens/month — approximate, check your console for exact limits)
Not suitable for production workloads

For production, upgrade to the Scale plan. Once on Scale, rate limits increase automatically as your cumulative spend crosses thresholds:

Tier	Cumulative spend
Tier 1	Plan upgrade
Tier 2	> $20 billed
Tier 3	> $100 billed
Tier 4	> $500 billed
Higher limits	> $2,000 (contact support)

Security Best Practices

Set expiration dates on keys — Mistral's optional key expiration is a feature other providers don't offer. Use it. Set keys to expire quarterly and rotate proactively.
Use separate keys per environment — dev, staging, and prod should never share a key
Never expose keys in frontend code — all Mistral API calls must go through a trusted backend
Monitor usage — watch for unexpected token consumption in the console
Revoke unused keys — unused keys are an unnecessary attack surface
Use a secrets manager in production — AWS Secrets Manager, GCP Secret Manager, or HashiCorp Vault

Rate Limits

Mistral enforces three rate-limit dimensions at the organization level, enforced per API key:

RPS — requests per second
Tokens per minute
Tokens per month

When you exceed any limit you receive a 429 Too Many Requests response. Read the X-RateLimit-Remaining headers to implement backoff rather than hardcoding retry intervals.

Check your exact limits in the console under your organization's Limits page — values vary by model, tier, and account. Numeric limits are not published in Mistral's docs; the console is the source of truth.

How Mistral API Keys Compare to Other LLM Providers

Provider	Auth header	Endpoint	Env var	Key format	OpenAI SDK compatible?
OpenAI	`Authorization: Bearer`	`api.openai.com/v1`	`OPENAI_API_KEY`	`sk-` / `sk-proj-`	✓ native
Anthropic Claude	`x-api-key`	`api.anthropic.com/v1`	`ANTHROPIC_API_KEY`	`sk-ant-`	✗
Google Gemini	`x-goog-api-key`	`generativelanguage.googleapis.com/v1beta`	`GEMINI_API_KEY`	`AIza...`	✗
X.ai Grok	`Authorization: Bearer`	`api.x.ai/v1`	`XAI_API_KEY`	`xai-...`	✓
Groq	`Authorization: Bearer`	`api.groq.com/openai/v1`	`GROQ_API_KEY`	`gsk_...`	✓
Mistral AI	`Authorization: Bearer`	`api.mistral.ai/v1`	`MISTRAL_API_KEY`	opaque token (no prefix)	✓
Cohere	`Authorization: Bearer`	`api.cohere.ai/v1`	`CO_API_KEY`	not publicly documented	✗ (own SDK)
DeepSeek	`Authorization: Bearer`	`api.deepseek.com/v1`	`DEEPSEEK_API_KEY`	`sk-...`	✓
Hugging Face	`Authorization: Bearer`	`api-inference.huggingface.co`	`HF_TOKEN`	`hf_...`	partial (chat only)
Azure OpenAI	`api-key`	`{resource}.openai.azure.com`	`AZURE_OPENAI_API_KEY`	not publicly documented	✓ (via Azure SDK)
AnyScale¹	`Authorization: Bearer`	`api.endpoints.anyscale.com/v1`	`ANYSCALE_API_KEY`	`esecret_...`	✓
¹ Effective August 1, 2024, Anyscale Endpoints is available exclusively via the Hosted Anyscale Platform; multi-tenant LLM access was removed.

Mistral is one of the more OpenAI-compatible providers — same Authorization: Bearer pattern, similar request shape, and the OpenAI SDK works against Mistral by swapping the base URL. Key expiration is unique to Mistral among these providers.

Using Mistral in a Multi-Model Architecture

Most AI-native SaaS teams don't rely on a single provider long term. Common reasons: cost optimization, fallback when one provider degrades, model specialization, enterprise customer preference.

Instead of building separate integrations for Mistral, OpenAI, Anthropic, Gemini, and Groq, you can integrate once against Unified's Generative AI API.

Build once across LLM providers

Unified's Generative AI API standardizes three core objects across providers — including Mistral:

Model — id, max_tokens, temperature support

Prompt — model_id, messages, temperature, max_tokens, responses, tokens_used

Embedding — model_id, content, dimension, embeddings, tokens_used

This allows you to:

Switch between Mistral and other providers without rewriting integration code
Run the same prompt across models and compare outputs
Route requests dynamically based on cost or availability
Generate embeddings consistently across providers

Your product logic stays stable. Provider differences are abstracted at the integration layer.

Let Mistral take action via Unified MCP

Text generation is one layer. Production AI features require structured, authorized reads and writes against customer SaaS platforms — listing CRM deals, retrieving candidates, fetching files, updating records, writing notes.

Mistral supports MCP natively through its Connectors feature — any MCP-compatible server can be registered as a Connector and exposed to the model as tool calls. Unified's MCP server follows the same standard MCP client-server pattern and works with Mistral's tool-calling stack.

High-level flow:

Fetch tools formatted for Mistral: GET /tools?type=mistral
Include tools in your Mistral API request via the tools array
Mistral returns tool calls when it decides to invoke a tool
Call Unified: POST /tools/{id}/call
Return the tool result back to Mistral

MCP URLs (regional):

https://mcp-api.unified.to/mcp
https://mcp-api-eu.unified.to/mcp

MCP safety controls:

hide_sensitive=true — removes PII fields from tool results
permissions=... — restricts what the connection can do
tools=... — limits the tool set to reduce model overload
defer_tools — lowers tool token usage

LLMs have tool limits. Scoping is not optional — it's required for stable deployments.

Troubleshooting Common Errors

401 Unauthorized Key is invalid, inactive, or expired. Check for trailing whitespace. If you set an expiration date at creation, verify the key hasn't expired. Regenerate at console.mistral.ai/api-keys if needed.

400 Bad Request Request payload is malformed. Most common cause: wrong model string, missing required fields, or invalid JSON. Verify the model ID via GET /v1/models.

404 Not Found Model string is wrong or the model has been deprecated. Avoid -latest aliases — use explicit versioned IDs from GET /v1/models.

429 Too Many Requests You've exceeded your RPS, tokens/min, or tokens/month limit. Read X-RateLimit-Remaining headers and implement exponential backoff. On the Experiment plan, limits are very conservative — upgrade to Scale for production workloads.

5xx errors Server-side errors. Retry with backoff. Contact support if they persist.

FAQ

Is the Mistral API free? Yes — the Experiment plan is free with all models accessible, phone verification only, no credit card. Rate limits are conservative and not suitable for production. Upgrade to Scale for production workloads.

What does a Mistral API key look like? An opaque secret token with no standardized prefix — it won't start with sk- or any identifiable pattern. Copy it at creation — it won't be shown again.

Do Mistral API keys expire? Only if you set an expiration date when creating the key. If you don't set one, the key remains valid until you manually revoke it. Setting an expiration date is recommended as a security best practice.

Can I use the OpenAI SDK with Mistral? Yes. Mistral's API is OpenAI-compatible. Point the OpenAI client at https://api.mistral.ai/v1 with your MISTRAL_API_KEY and it works for most use cases.

Why should I avoid mistral-large-latest****? It's a deprecated alias. Mistral has replaced generic aliases with explicit versioned model IDs. Calls to deprecated aliases may break without notice. Use explicit IDs like mistral-large-3-2512 and verify current IDs via GET /v1/models.

What are the rate limit dimensions? Requests per second (RPS), tokens per minute, and tokens per month — all enforced at the organization level per API key. Check your exact limits in the console — Mistral doesn't publish specific numbers publicly.

How do rate limit tiers work? You start on the Experiment (free) plan with conservative limits. Upgrade to Scale for production, then tier up automatically as your cumulative spend crosses $20, $100, $500, and $2,000 thresholds.

How do I set the MISTRAL_API_KEY environment variable in Python?

export MISTRAL_API_KEY="your_key_here"

Then in Python:

from mistralai import Mistral

client = Mistral(api_key=os.environ["MISTRAL_API_KEY"])
response = client.chat.complete(
    model="mistral-small-4",
    messages=[
        {"role": "user", "content": "Explain what an API key is in two sentences."}
    ]
)
print(response.choices[0].message.content)

Key takeaway

Calling Mistral directly is straightforward. Building multi-model routing, embedding pipelines, agent-based write actions, and enterprise-grade SaaS integrations requires infrastructure.

Unified was built for AI-native SaaS teams that need:

Real-time data access
Unified pass-through architecture
Zero storage of customer data
Usage-based pricing aligned with API volume
MCP-compatible integration across 450+ integrations

Mistral generates intelligence. Unified connects that intelligence to structured SaaS data and authorized actions.

→ Start your 30-day free trial

→ Book a demo

All articles