Dev API Keys
API keys are project-scoped developer credentials. They let automation and server-side tools access project resources without an interactive hosted login, making them suitable for local development, CI pipelines, and backend environments.
Key properties:
- Scoped to a single project
- The full key value is shown only once at creation time - copy it immediately and store it securely
- SkyState stores only the key hash and prefix, not the plaintext key
- Keys can be revoked at any time; revocation is immediate and permanent
Managing API Keys
Console
Create, view, and revoke keys from the Project Settings page in the console. See Project Settings - API Keys section for step-by-step instructions.
CLI
Use sky project keys to create, list, and revoke project keys from the terminal. The onboarding wizard may create a key for Node.js or curl snippets when you choose that option.
Using an API Key
Use API keys only from trusted automation or backend code. Browser SDK auth uses hosted login and SkyState bearer tokens.
The key value looks like sky_.... Send it as Authorization: ApiKey <sky_...> for direct HTTP calls. Never commit it to source control - use an environment variable or secrets manager.
The metadata endpoint for the currently authenticated API key is:
text
GET /v1/api-key/info