API keys are used for programmatic access to your AuthRocket account using the AuthRocket API. The first API key is automatically created for each new account.
API keys is used to manage these keys. It requires “Manage Account” permissions to access.
Note: API keys are secret keys. They are only for use inside apps that you fully control, such as those that run on a server. They should never be embedded in mobile or desktop clients or sent to a web browser. For client and browser access, see the LoginRocket API which doesn’t require an API key for access.
In many cases, only one API key is required. However, if you are accessing AuthRocket from multiple apps, we recommend creating one key for each of them. In this way, if there is ever a need to retire or rotate a particular key, the key doesn’t have to be changed in every app at once.
Each new key can be given a descriptive name. Use this to describe which app will use it, the date it was created, or anything else helpful to you when managing your keys.
Click on Show key to view each key’s credentials.
Permissions for API keys work the same as for Team members, except that keys cannot be given permission to manage payments or the account itself.
| Permission | User data | Realm configuration |
|---|---|---|
| Read realms | Read | Read most |
| Write realms | Read/write | Read most |
| Manage realms | Read/write | Read/write |
Questions? Find a Typo? Get in touch.