Create & Manage API Keys

Admin Only — Paid Plan

API keys are available on the Paid plan only.

Creating an API Key

Navigate to API Keys under the Admin section in the sidebar.

1. Click the create button to open the form.
2. Fill in the fields:
   • Name — A descriptive name (e.g., "CI/CD Pipeline")
   • Expiry Date (optional) — When the key should expire
   • Description (optional) — What the key is used for (e.g., "Used by GitHub Actions deploy workflow")
   • Scopes — Check the permissions this key should have:
     • Sessions (Read)
     • Sessions (Write)
     • Resources (Read)
     • Audit Logs (Read)
     • Full Access (grants all scopes)
3. Click Create.

Copy Your Key

After creation, an alert appears: "Copy your API key now — it will not be shown again"

Click Copy to copy the full key to your clipboard. Store it in a secure location (e.g., GitHub Secrets, AWS Secrets Manager, HashiCorp Vault).

warning

The full API key is only shown once. If you lose it, you'll need to revoke it and create a new one.

API Keys Table

Column	Description
Name	Key display name
Key Prefix	First characters of the key (e.g., eg_live_1234...)
Scopes	Granted permissions
Last Used	When the key was last used to authenticate
Status	Active (green), Expired (yellow), or Revoked (red)
Created	When the key was created
(Delete)	Revoke button

Revoking a Key

1. Click the delete button (trash icon) on the key row.
2. A confirmation dialog appears: "Are you sure you want to revoke this API key? Any applications using it will immediately lose access."
3. Click Revoke to confirm, or Cancel to keep the key.

After revocation:

• The key is immediately invalidated
• Any requests using it will return 401 Unauthorized
• The key shows as Revoked (red) in the table

Key Expiration

Keys with an expiry date automatically become invalid after that date. They show as Expired (yellow) in the table. Expired keys should be revoked to clean up the list.

Best Practices

1. Minimal scopes — Grant only the permissions needed
2. One key per service — Use separate keys for each CI/CD pipeline or integration
3. Set expiration dates — For temporary access, always set an expiry
4. Rotate regularly — Rotate keys every 90 days
5. Monitor usage — Check Last Used to identify inactive keys

Next Steps

• API key scopes reference →
• CI/CD usage examples →

---

API Reference: For programmatic access, see Create API Key.