API keys

API keys let backend services call AIMP without a browser login. They belong to the active workspace.

Key lifecycle

Create the key in the API Keys page.
Store the full value in your secret manager immediately.
Use it with X-API-Key.
Monitor usage from Billing and Usage.
Revoke keys that are no longer needed.

API management endpoints

The product app uses these authenticated endpoints through the Gateway/Django API surface:

GET /api/api-keys/
POST /api/api-keys/
PATCH /api/api-keys/{id}/
DELETE /api/api-keys/{id}/

These management endpoints require a signed-in user session. Runtime execution uses the created key with X-API-Key.

Naming guidance

Use explicit names such as prod-checkout-worker, staging-search-service, or local-alice. Avoid names like test or new key because they make rotation and incident response harder.

​API keys

​Key lifecycle

​API management endpoints

​Naming guidance

API keys

Key lifecycle

API management endpoints

Naming guidance