API Keys
API keys are how non-browser clients authenticate against the Runsite Public API — CI/CD pipelines, CLIs, scripts and any custom integration.
Keys are created and managed only from the dashboard. There is no public endpoint for issuing keys: that surface is intentionally kept inside the authenticated user session.
Key format
Section titled “Key format”All API keys use the prefix ak_live_ followed by a random hex string:
ak_live_a1b2c3d4e5f6...Scopes
Section titled “Scopes”Each key is assigned a scope that controls what it can do:
| Scope | Description |
|---|---|
read | Read-only access to projects, services and deployments |
write | Read + create/update projects, services, env vars and deployments |
admin | Full access including delete operations |
Pick the smallest scope that gets the job done — a CI deploy job rarely needs admin.
Lifecycle
Section titled “Lifecycle”From the dashboard you can:
- Create a key with a name, scope and optional expiration date.
- Rotate a key — generates a new secret and immediately invalidates the old one. Useful for periodic rotation or when a key may have leaked.
- Revoke a key — instantly disables it; any further request returns
401 Unauthorized.
Expired keys are automatically rejected.
Using a key
Section titled “Using a key”Send the key in the Authorization header on every Public API request:
curl https://api.runsite.app/api/projects \ -H "Authorization: Bearer ak_live_a1b2c3d4..."That is all there is to it. See the Public API reference for the full set of endpoints, or the API Explorer to try them interactively.