Skip to content

API Keys

Summary

An API key grants programmatic access to your jobs and devices. You create and manage your keys from the API Keys page in the web portal.

Create a key

  1. Open the web portal → API Keys.
  2. Click Generate API key.
  3. Fill in:
    • Name — a label to recognize the key (e.g. CI production).
    • Permissions — one or more scopes (see below).
    • Expiration — optional date; leave empty for a key that never expires.
  4. Click Generate.

The full key is shown only once. Copy it immediately and store it in a secure place (a secret manager, your CI credentials...). It can never be displayed again.

A key looks like:

amk_live_3f2a8b1c9d2e4f5a6b7c8d9e0f1a2b3c

Permissions (scopes)

A key carries one or more scopes — the principle of least privilege.

Scope Allows
READ Read‑only access (jobs, devices, executions)
TRIGGER Trigger executions
ADMIN Full access

An endpoint requires a specific scope. For example, running a job requires the TRIGGER scope — a READ‑only key will be rejected.

Expiration

  • If you set an expiration date, the key stops working the moment it expires — no manual action needed.
  • An expired key is rejected with API key is expired (see error codes).

Revoke a key

From the API Keys page, click Delete next to a key. The key is immediately invalidated — any integration using it stops working at once.

Security notes

  • A key only ever accesses its owner's resources — never another user's.
  • The key is stored hashed on the server; if the database leaked, keys could not be recovered.
  • Treat a key like a password: never commit it to source control, never share it.