Open Beta Archipelag.io is in open beta until June 2026. All credits and earnings are virtual. Read the announcement →

Docs/Platform/API Keys
Edit Report issue

API Keys

Create and manage API keys for programmatic access

API keys let you access the Archipelag.io REST API and SDKs programmatically. You can create multiple keys with different scopes for different applications.

Creating a key

Create API keys via the REST API:

curl -X POST https://api.archipelag.io/api/v1/api-keys \
  -H "Authorization: Bearer $SESSION_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "my-app", "scopes": "read,write"}'

The response includes the full key:

{
  "id": "abc123",
  "name": "my-app",
  "key": "ak_1a2b3c4d5e6f7g8h",
  "scopes": ["read", "write"],
  "created_at": "2026-03-13T10:00:00Z"
}
Save your key immediately
The full API key (`ak_...`) is shown **only once** on creation. After that, only the prefix is visible. Store it securely — you cannot retrieve it later.

Key format

All API keys follow the format ak_ followed by a random string:

ak_1a2b3c4d5e6f7g8h

When listing keys later, only the prefix is shown: ak_1a2b...

Scopes

Keys can have one or both scopes:

ScopePermissions
readList jobs, check job status, view Cargos, check account balance
writeSubmit jobs, create conversations, manage Cargos
Principle of least privilege
Use `read` scope for monitoring and dashboards. Only grant `write` scope to applications that need to submit jobs.

Using your key

Include the key in the Authorization header:

curl https://api.archipelag.io/api/v1/chat/completions \
  -H "Authorization: Bearer ak_1a2b3c4d5e6f7g8h" \
  -H "Content-Type: application/json" \
  -d '{"model": "mistral-7b", "messages": [{"role": "user", "content": "Hello"}]}'

Or with the Python SDK:

from archipelag import Client

client = Client(api_key="ak_1a2b3c4d5e6f7g8h")
# or set ARCHIPELAG_API_KEY environment variable
Environment variables recommended
Don't hardcode keys in source code. Set `ARCHIPELAG_API_KEY` as an environment variable and the SDKs will pick it up automatically.

Managing keys

  • List keys: GET /api/v1/api-keys — shows name, prefix, scopes, created date, last used
  • Revoke a key: DELETE /api/v1/api-keys/:id — immediately invalidates the key
  • Last used: Each key tracks when it was last used for auditing

Rate limits

API keys are rate-limited to 100 requests per minute. Exceeding this returns a 429 Too Many Requests response.

Security best practices

  • Never commit API keys to version control
  • Use environment variables or a secrets manager
  • Rotate keys periodically
  • Use read-only scope when write access isn’t needed
  • Revoke keys you’re no longer using
  • Use separate keys for separate applications

{% card(title="API Reference", href="/api/endpoints/") %} Full endpoint documentation

Python SDK

Python SDK setup and usage

JavaScript SDK

JavaScript SDK setup and usage

 {% end %}