Skip to main content

Overview

Management Keys are only available to workspace admins. The Management Keys page is not visible to non-admin members.
Management Keys are workspace-scoped tokens for authenticating workspace administration operations. They can create, update, and revoke API keys and manage Budgets.
Management Keys cannot be used to query models or agents. Use a standard API Key for inference and product endpoints.

Use cases

  • Automating workspace provisioning via the API.
  • Delegating API key rotation to a deployment pipeline without granting full admin access.
  • Letting a billing automation script read and update Budgets without exposing API key management.

View Management Keys

Navigate to OrganizationManagement Keys to view all keys in the workspace.
Management Keys list with columns for Created date, Name, Status, Permissions, and Created by.
Click any row to open the edit panel and update the key’s name, permissions, or expiration date. Hover a row and click for additional options:
  • Edit: open the edit panel to update the key’s name, permissions, or expiration date.
  • Duplicate: create a new key with the same permissions.
  • Delete: permanently remove the key from the workspace.

Create a Management Key

1

Open the creation panel

Navigate to OrganizationManagement Keys and click New key.
Create new key dialog showing Name field, Permissions toggle with All, Restricted, and Read only options, API keys and Budgets capability rows, and an Expiration date field.
2

Enter a name

Enter a Name for the key (required, max 128 characters).
3

Set permissions

Select a Permissions mode, default is All. See Permission modes below.
4

Set expiration (optional)

Set an Expiration date if the key should stop authenticating after a certain date.
5

Create and copy the key

Click Create key. A Save your key panel appears showing the token.
The token is only shown once. Store it securely before closing this panel. It cannot be retrieved afterwards.

Permission modes

ModeDescription
AllFull read and write access to all capabilities.
RestrictedConfigure access per capability. Each capability can be set to None, Read, or Write independently.
Read onlyRead access to all capabilities.

Capabilities

Capability None Read Write
API keysNo access.List and view workspace API keys.List, view, create, update, and revoke workspace API keys.
BudgetsNo access.List and view workspace Budgets.List, view, create, and update workspace Budgets.
Management Keys are not available through MCP. Use the REST API to manage keys programmatically.