# API Keys

API keys are the credentials used to authenticate requests to the [Public API](https://docs.wobby.ai/settings/public-api). Each key is scoped to your organization and grants full access to the Public API endpoints.

{% hint style="info" %}
API key management is available to all [**Admins**](https://docs.wobby.ai/settings/members).
{% endhint %}

## Creating an API key

1. Go to **Studio > Settings > API Keys**
2. Click **Create API Key**
3. Enter a **Name** (required) — choose something descriptive, like `CI/CD Pipeline` or `Data Team Automation`
4. Optionally add a **Description** for extra context
5. Optionally set an **Expiration** — the key will automatically stop working after this date. Leave blank for a key that never expires
6. Click **Create**

The secret key (`sk_...`) is shown **once** immediately after creation. Copy it and store it securely — you will not be able to view it again.

{% hint style="warning" %}
Treat your API key like a password. Store it in a secrets manager or environment variable — never commit it to source control.
{% endhint %}

## Using an API key

Pass the key as a Bearer token in the `Authorization` header of every request:

```
Authorization: Bearer sk_...
```

Example with curl:

```bash
curl https://app.wobby.ai/api/public/v1/semantic-layer \
  -H "Authorization: Bearer sk_..."
```

## Viewing existing keys

Navigate to **Studio > Settings > API Keys** to see all keys for your organization. The list shows:

| Field       | Description                                    |
| ----------- | ---------------------------------------------- |
| Name        | Human-readable label you gave the key          |
| Description | Optional notes                                 |
| Last used   | When the key was last used to make an API call |
| Created     | When the key was created and by whom           |
| Status      | Active or revoked                              |

{% hint style="info" %}
The secret value is never shown again after creation. If you lose a key, revoke it and create a new one.
{% endhint %}

## Revoking a key

1. Go to **Studio > Settings > API Keys**
2. Find the key you want to remove
3. Click the **Revoke** button next to it
4. Confirm the action

Revoked keys are immediately rejected by the API. Any automation using that key will stop working, so make sure to rotate to a new key before revoking an old one.

## Audit trail

All API requests made with a key are attributed to that key in the [Audit Logs](https://docs.wobby.ai/governance/audit-logs). You'll see entries like `API Key: CI/CD Pipeline` as the actor for any changes made via the API.