Docs

Home All sections Swagger

Creating and managing API keys

Create a key, copy the secret once, name it, rotate it, revoke it.

Last updated June 3, 2026

Go to the live page Manage your API keys

API keys live on your API page. Each one is a long secret string starting with vlk_.

Using the Python SDK?

The same keys work for the SDK. See Installation and authentication for how to pass yours to vilvik.Client.

Creating a key

Open the API keys tab and press Create API key. The form asks for:

  • Name. A label so you can tell keys apart later. We recommend naming a key after the place that uses it: ci-runner, laptop-backups, research-notebook.
  • Description. Optional. A longer note about what the key is for.
  • Scopes. What the key is allowed to do. See Scopes and permissions. Pick the smallest set that lets your code work.
  • Expires at. Optional. Pick a date if you want the key to stop working automatically.

Press create. The page now shows the secret string once. Copy it into your secret manager. We do not show it again. If you close the page without copying, you have to rotate the key.

The same screen also shows a sample curl command with your new key already filled in. Run it from your terminal as a smoke test before you wire the key into your app.

Listing your keys

The same tab lists every key you have, with the prefix (the first twelve characters), the scopes, when it was last used, and from where. Press the row to open the audit log: every change to that key is recorded with who did it, when, and from which IP.

Rotating a key

Use rotation when you suspect the key has leaked. Open the row and press Rotate. The platform issues a new secret and invalidates the old one immediately. Update your code or secret manager with the new secret.

Rotation does not change the key's scopes. To change scopes, see Editing the scopes on an existing key.

Revoking a key

Press Revoke to disable the key without rotating. Revoked keys return 401 unauthorized on every request. You cannot un-revoke; if you need it again, create a new key.

How many keys can I have?

Free accounts can keep a few active keys at a time. Premium accounts can keep more. Old, unused keys are not removed automatically; if you do not need a key any more, revoke it.

Thanks for the feedback!