Are you an LLM? Read llms.txt for a summary of the docs, or llms-full.txt for the full context.
Skip to content

API Keys & Access

API keys are your credentials for accessing the Authenta API. You can create and manage API keys directly from your Authenta Console without any approval process.

This page explains how to create, manage, and use API keys.

What Are API Keys?

API keys allow you to:

  • Upload media programmatically
  • Fetch analysis results without using the UI
  • Integrate deepfake detection into their own applications or scripts
  • Manage media lifecycle (create, read, delete) through HTTP endpoints

Each API key is a token that acts as your authentication credential for making API requests.

Where to Manage API Keys

Navigate to the API Keys tab in your Authenta Console:

Settings → API Keys

On this page, you'll see:

  • A list of your existing API keys
  • Their creation date and usage
  • Options to create, view, or revoke keys

Creating an API Key

Click the Create API Key button to generate a new API key.

When creating a new key, you will configure:

1. Key Name

A descriptive label to help you identify the purpose of the key.

Examples:

  • Backend-Server-Key
  • Mobile-App-Key
  • Data-Pipeline-Key

2. Permissions

Select which operations this key is allowed to perform:

PermissionAllows
ReadFetching media and metadata
WriteUploading media
DeleteRemoving media records

You can select one or multiple permissions based on your integration needs.

If a key does not have the required permission, API requests will return:

403 — Forbidden (You are not authorized)

Generated Credentials

Once created, your API key generates:

  • API Key – A token in the format api__xxxxxxxx... used to authenticate requests

Example:

api_xxxxxxxx...

⚠️ Your API key is shown only once when created.
Store it securely immediately — Authenta does not display it again.

Managing Your API Keys

Viewing Keys

From the Settings → API Keys page, you can see:

  • Key name and creation date
  • Last used date
  • Permissions (Read, Write, Delete)
  • Usage metrics

Regenerating a Key

If you suspect a key has been compromised:

  1. Go to Settings → API Keys
  2. Click the Regenerate button for the key
  3. A new token will be generated (the old one becomes invalid immediately)
  4. Copy and store the new key securely

Revoking a Key

To disable a key:

  1. Go to Settings → API Keys
  2. Click the Revoke button
  3. The key will be deactivated immediately
  4. Any API calls using this key will return 401 – Unauthorized

API Key Best Practices

  • Do not commit keys to version control – Use environment variables or secret managers
  • Regenerate keys regularly – Especially if exposed or after staff changes
  • Use separate keys per environment – Keep production, staging, and testing keys separate
  • Assign minimal permissions – Only grant Read, Write, or Delete as needed
  • Monitor key usage – Check the API Keys page regularly for unexpected activity
  • Rotate keys annually – Even if not compromised, rotate as a security best practice

Next Steps