# Generate API Keys

API keys let you connect external applications to <ProductName />. You need them to use API endpoints or when working in an SDK. You can create API keys at the workspace or organization level with different roles and permissions.

***

## About This Task

API keys authenticate your applications when making requests to the <ProductName /> API. Each key has:

- Scope: workspace or organization. Keys generated for a workspace grant access only to this specific workspace. Keys generated for an organization grant access to all workspaces in the organization.
- Type: personal or service. Personal keys are tied to your user account. Service keys are for automated systems. They're not linked to a specific user. Instead of a username, the search history will show the key name as the actor. Use this type for production applications or systems that connect to <ProductName />.
- Role: Determines what actions the key can perform.
- Expiration: Optional expiration date for security.

:::info 
API keys can't be used to create, modify, or delete other API tokens. This prevents unauthorized expansion of access. 
:::

### Security and Best Practices

- Use service keys for automated systems and production environments
- Set expiration dates for keys used in temporary or testing scenarios
- Regularly review and remove unused API keys
- Store API keys securely and never commit them to version control
- Use workspace-scoped keys when possible to limit access

## Prerequisites

Learn about available roles and their permissions to choose the right one for your key. Check [User Roles and Permissions](/docs/concepts/user-roles-and-permissions.mdx).

## Generate an API Key

### For a Workspace

1. Click your profile icon in the top right corner and choose _Settings_.
2. Go to _Workspace>API Keys_.
3. Click **Create API Key**:
   1. Choose if it's a personal or a service key.  
      Tip: Choose the _Service_ type for production use cases and systems that connect to <ProductShortName />. 
   2. Give your key a name. This is optional, if you don't type any name, the key ID is used.
   3. Set the expiration date.
   4. Choose the role to determine the key's permissions. 
4. Click **Create API Key**. 
5. **Important**: Copy and save your key. After you add it to <ProductName />, it remains masked.

### For an Organization

1. Click your profile icon in the top right corner and choose _Settings_.
2. Go to _Organization>API Keys_.
3. Click **Create API Key**:
   1. Choose if it's a personal or a service key.  
      Tip: Choose the _Service_ type for production use cases and systems that connect to <ProductShortName />. 
   2. Give your key a name. This is optional, if you don't type any name, the key ID is used.
   3. Set the expiration date.
   4. Choose the workspaces this key can access.
   5. Choose the role to determine the key's permissions. 
4. Click **Create API Key**. 
5. **Important**: Copy and save your key. After you add it to <ProductName />, it remains masked.