What Are API Keys?
API keys are credentials that identify and authorize you when making requests to Authenta’s API.
Each key contains:
- API Key → A unique token used to authenticate requests
- Assigned permissions → Which operations the key can perform
- Creation date → When the key was created
⚠️ The API key is shown only once when created.
You must store it securely — Authenta does not display it again.
Where to Manage API Keys
Navigate to:
Settings → API KeysHere you will see:
- A list of your existing keys
- Their permissions
- Usage per key
- Options to create or revoke keys
If you have no keys yet, you will see a Create API Key button.
Creating a New API Key
Click Create API Key to open the creation dialog.
You will be prompted to configure:
1. Key Name
A label used to help you identify the purpose of the key.
Examples:
Backend-Server-KeyMobile-App-KeyVideo-Pipeline-Key
2. Permissions
Authenta supports the following permission types:
| Permission | Allows |
|---|---|
| Read | Fetching media, viewing metadata (GET) |
| Write | Uploading media (POST) |
| Delete | Removing media (DELETE) |
Permissions restrict which API operations a key may perform.
If a key does not have the required permission, requests will return:
403 — Forbidden (You are not authorized)Viewing API Keys
After a key is created, you will see:
- Key name
- Permissions
- Date created
- Options to manage the key
Viewing the API Key
After creation, the API key is not shown again.
If you lose the key:
- You must regenerate it
- The previous key becomes invalid immediately
Regenerating the API Key
If your key has been lost or compromised:
- Open the key details
- Click Regenerate
- Copy the new key immediately
- Update your services to use the new key
A regenerated key:
- Invalidates the old key
- Does not change your Key Name
- Does not reset key-level permissions
- Does not affect your usage history
Revoking an API Key
If a key is no longer needed:
- Open the key details
- Click Revoke Key
- Confirm the action
Revoking a key:
- Immediately invalidates both API Key
- Prevents all further requests using that key
- Does not delete historical usage or logs
- Frees the key from active use (optional depending on UI behavior)
You may revoke a key at any time for security or cleanup purposes.
Best Practices for API Keys
To maintain secure and stable integrations:
🔒 1. Store Secrets Securely
Use environment variables, secret managers, or encrypted credential stores.
Never hard-code secrets into your source code.
🚫 2. Do Not Share API Keys
Keys are tied to your user account.
Sharing keys means sharing access to your quota and credits.
🔄 3. Rotate Keys Regularly
Regenerate secrets periodically to reduce long-term exposure risk.
🎯 4. Use Separate Keys for Separate Systems
Examples:
- One key for your backend server
- Another for automated batch processing
- Another for testing environments
This gives you fine-grained control and safer isolation.
📉 5. Monitor Quota Usage
Regularly review how your keys consume:
- Query quota
- Mutation quota
- Credits (for media processing)
If your integrations grow, consider increasing your user-level quota.
Next Steps
Once your key is created and configured:
- Learn how to authenticate API calls
- Start making media requests
- View endpoint details in the Media API Reference
Managing API keys correctly ensures secure and reliable access to the Authenta API.