> ## Documentation Index
> Fetch the complete documentation index at: https://docs.orq.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys

> Create and manage project-scoped API keys with granular permissions for secure access to Orq.ai resources.

<Tip>
  The **AI Gateway** also has its own API keys with optional cost, token, and rate limits. See [AI Gateway API Keys](/docs/ai-gateway/api-keys).
</Tip>

## What are API Keys

API Keys are secure tokens used to authenticate requests to **Orq.ai**. Each key is scoped to a single project and carries a set of permissions that control what it can do.

Two key types are available, chosen by the key's owner.

### User keys

Tied to a specific user account and project. Automatically revoked if the user is removed from the organization or project. Use user keys for personal use and local development.

### Service account keys

Not tied to any individual user, with a lifecycle independent of user membership. Only workspace admins can create service account keys. Use service account keys for production systems, so access does not break when a team member leaves.

## Viewing API Keys

Navigate to **Organization > API Keys** to see all keys across projects.

The table shows the following columns:

| Column          | Description                         |
| --------------- | ----------------------------------- |
| **Created**     | Date the key was created            |
| **Name**        | Key label                           |
| **Type**        | `User` or `Service`                 |
| **Status**      | `Active`, `Disabled`, or `Revoked`  |
| **Permissions** | `All`, `Read only`, or `Restricted` |
| **Created by**  | User who created the key            |

Use the <kbd><Icon icon="bars-filter" /></kbd> menu to filter by <kbd><Icon icon="user" /> Type</kbd> or <kbd><Icon icon="shield-slash" /> Permissions</kbd>.

## Creating an API Key

<Steps>
  <Step title="Open the creation panel">
    Navigate to **Organization > API Keys** and select <kbd className="key"><Icon icon="plus" /> Create API key</kbd>.

    <Frame caption="The API key creation panel.">
      <img src="https://mintcdn.com/orqai/lqVyDy-llJ4XuTsl/images/createapikey.png?fit=max&auto=format&n=lqVyDy-llJ4XuTsl&q=85&s=bf62a70ca73b7becf2de6769846ea86e" alt="Create API key panel showing fields for owner, name, project, permissions, and expiration." width="683" height="507" data-path="images/createapikey.png" />
    </Frame>
  </Step>

  <Step title="Choose an owner">
    Select <kbd>You</kbd> to create a User key, or <kbd>Service account</kbd> to create a key not tied to any individual user.
  </Step>

  <Step title="Set name and project">
    Enter a **Name** for the key and select the [**Project**](/docs/ai-studio/get-started/projects) it will have access to.
  </Step>

  <Step title="Set permissions">
    Choose a permission preset. See [Permissions](#permissions) below.
  </Step>

  <Step title="Set expiration (optional)">
    Set an **Expiration** date if the key should automatically become inactive after a certain date.
  </Step>

  <Step title="Create and copy the key">
    Select <kbd className="key"><Icon icon="plus" /> Create API key</kbd>. A **Save your key** dialog appears showing the token and its permissions summary.

    <Frame caption="The Save your key dialog appears once after creation.">
      <img src="https://mintcdn.com/orqai/3prGSMBQVxQFUZZt/images/saveyourkey.png?fit=max&auto=format&n=3prGSMBQVxQFUZZt&q=85&s=f8c1157916531bf73e5051e5ad31b42b" alt="Save your key dialog showing the API key token with a Copy button and a Permissions summary reading Read and write API resources." width="678" height="307" data-path="images/saveyourkey.png" />
    </Frame>

    Click <kbd><Icon icon="copy" /> Copy</kbd> to copy the token.

    <Warning>
      The token is only shown once. Store it securely before closing this dialog. It cannot be retrieved afterwards.
    </Warning>
  </Step>
</Steps>

## Permissions

| Preset         | Description                                |
| -------------- | ------------------------------------------ |
| **All**        | Read and write access to all API resources |
| **Read only**  | Read access to all API resources           |
| **Restricted** | Custom per-resource access                 |

With **Restricted**, set the permission for each resource individually: <Icon icon="shield-slash" /> **None**, <Icon icon="book-open" /> **Read**, or <Icon icon="pen" /> **Write**.

<Info>
  **Write** permission automatically includes **Read** where Read is available for the endpoint.
</Info>

<Accordion title="Restricted permission resources">
  | Resource          | <Icon icon="shield-slash" /> None | <Icon icon="book-open" /> Read | <Icon icon="pen" /> Write |
  | ----------------- | :-------------------------------: | :----------------------------: | :-----------------------: |
  | Agent schedules   |                 ✓                 |                ✓               |             ✓             |
  | Agents            |                 ✓                 |                ✓               |             ✓             |
  | Annotations       |                 ✓                 |                ✓               |             ✓             |
  | Chunking          |                 ✓                 |                ✓               |             ✓             |
  | Datasets          |                 ✓                 |                ✓               |             ✓             |
  | Deployments       |                 ✓                 |                ✓               |             ✓             |
  | Evaluators        |                 ✓                 |                ✓               |             ✓             |
  | Feedback          |                 ✓                 |                ✓               |             ✓             |
  | Files             |                 ✓                 |                ✓               |             ✓             |
  | Guardrail rules   |                 ✓                 |                ✓               |             ✓             |
  | Human evaluations |                 ✓                 |                ✓               |             ✓             |
  | Identities        |                 ✓                 |                ✓               |             ✓             |
  | Knowledge bases   |                 ✓                 |                ✓               |             ✓             |
  | Memory stores     |                 ✓                 |                ✓               |             ✓             |
  | Policies          |                 ✓                 |                ✓               |             ✓             |
  | Projects          |                 ✓                 |                ✓               |             ✓             |
  | Prompts           |                 ✓                 |                ✓               |             ✓             |
  | Reporting         |                 ✓                 |                ✓               |                           |
  | Routing rules     |                 ✓                 |                ✓               |             ✓             |
  | Skills            |                 ✓                 |                ✓               |             ✓             |
  | Tools             |                 ✓                 |                ✓               |             ✓             |
  | **Gateway**       |                                   |                                |                           |
  | Chat completions  |                 ✓                 |                                |             ✓             |
  | Embeddings        |                 ✓                 |                                |             ✓             |
  | Images            |                 ✓                 |                                |             ✓             |
  | Models            |                 ✓                 |                ✓               |                           |
  | Moderations       |                 ✓                 |                                |             ✓             |
  | OCR               |                 ✓                 |                                |             ✓             |
  | Rerank            |                 ✓                 |                                |             ✓             |
  | Responses         |                 ✓                 |                ✓               |             ✓             |
  | Speech            |                 ✓                 |                                |             ✓             |
  | Transcriptions    |                 ✓                 |                                |             ✓             |
</Accordion>

## Managing Keys

<Frame caption="The API Keys management table showing all keys, their type, status, permissions, and actions.">
  <img src="https://mintcdn.com/orqai/lqVyDy-llJ4XuTsl/images/api-key-management.png?fit=max&auto=format&n=lqVyDy-llJ4XuTsl&q=85&s=d5ac05f9be248b679394b5bbb368fe9d" alt="API Keys management table listing keys with columns for name, type, status, permissions, and created by." width="1450" height="381" data-path="images/api-key-management.png" />
</Frame>

Select the <kbd><Icon icon="ellipsis" /></kbd> menu on any key to access the following actions:

* <kbd><Icon icon="pen" /> Edit</kbd>: update the name, permissions, or expiration date. The owner type cannot be changed after creation.
* <kbd><Icon icon="copy" /> Duplicate</kbd>: opens the creation panel pre-filled with the key's current settings.
* <kbd><Icon icon="trash" color="red" /> <span style={{color:"red"}}>Delete</span></kbd>: permanently removes the key. This cannot be undone.

<Info>
  A **Revoked** status means the key belonged to a user who was removed from the organization or project, or it has been revoked manually. Revocation is permanent.
</Info>

<Warning>
  **Legacy API keys** remain functional but cannot be transferred to the new format. To use granular per-resource permissions, create a new key and replace the legacy one.
</Warning>