Stack Auth Docs

API Keys

Create and manage API keys for users and teams

The API Keys app enables your users to generate and manage API keys for programmatic access to your backend services. API keys provide a secure way to authenticate requests, allowing developers to associate API calls with specific users or teams. Stack Auth provides prebuilt UI components for users and teams to manage their own API keys.

Overview

API keys allow your users to access your backend services programmatically without interactive authentication.

Stack Auth provides two types of API keys:

User API keys

User API keys are associated with individual users and allow them to authenticate with your API.

app/components/create-api-key.tsx

Team API keys

Team API keys are associated with teams and can be used to provide access to team resources over your API.

app/components/create-team-api-key.tsx

Enabling the API Keys App

To use API keys in your application, you need to enable the API Keys app in your Stack Auth dashboard:

  1. Navigate to your Stack Auth dashboard
  2. Go to the Apps section
  3. Find and click on API Keys in the app store
  4. Click the Enable button

Once enabled, you can configure User API Keys and Team API Keys in the app settings. The app will provide your users with a prebuilt UI to manage their own API keys.

Prebuilt UI Components

Stack Auth provides prebuilt UI components that allow your users to manage their own API keys without any additional code:

User API Keys UI

For frameworks that support React components, the <AccountSettings> component includes an API Keys tab where users can:

  • View all their active API keys
  • Create new API keys with custom descriptions and expiration dates
  • Revoke existing API keys
  • See when each key was created and when it expires

app/src/account-page.tsx

Team API Keys UI

For team API keys, the team settings page automatically includes an API Keys section when:

  • The API Keys app is enabled
  • allowTeamApiKeys is configured in your project settings
  • The user has the $manage_api_keys permission for the team

Users with appropriate permissions can manage team API keys directly from the team settings interface.

Working with API Keys

Creating User API Keys

app/components/create-api-key.tsx

Creating Team API Keys

app/components/create-team-api-key.tsx

Listing API Keys

app/components/api-keys-list.tsx

Revoking API Keys

API keys can be revoked when they are no longer needed or if they have been compromised.

lib/api-keys.ts

Checking API Key Validity

You can check if an API key is still valid:

app/components/check-api-key.tsx

Authenticating Requests with API Keys

To validate incoming API requests with API keys on your server, use the getUser or getTeam methods with the apiKey option:

Validating User API Keys

app/api/protected/route.ts

Validating Team API Keys

For team API keys, use getTeam with the apiKey option:

app/api/team-protected/route.ts

Best Practices for API Key Authentication

  1. Use HTTPS: Always use HTTPS in production to protect API keys in transit
  2. Validate on every request: Never trust client-side validation alone
  3. Use appropriate headers: Common header names include X-Stack-Api-Key, Authorization: Bearer <key>, or X-Api-Key
  4. Rate limiting: Implement rate limiting to prevent abuse
  5. Monitor usage: Track API key usage to detect anomalies
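
The sketch below applies practices 2 to 5 to one request path: it reads the key from any of the header conventions listed, validates it server-side on every request, rate-limits per key owner, and keeps usage counters. It is an added example, not Stack Auth's code; `extractApiKey`, `TokenBucket`, `guard`, `usage`, `rejected` and the `validate` callback are hypothetical names, and `validate` is a synchronous stand-in for a server-side lookup such as `getUser` with the `apiKey` option.

```typescript
// Added example; all names here are hypothetical, not part of the Stack Auth SDK.
type HeaderMap = Record<string, string | undefined>;
type Validate = (apiKey: string) => { id: string } | null; // stand-in for a server-side key lookup

// Accept the header conventions listed above; header names are case-insensitive.
function extractApiKey(headers: HeaderMap): string | null {
  const h: HeaderMap = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v?.trim();
  const direct = h["x-stack-api-key"] || h["x-api-key"];
  if (direct) return direct;
  const auth = h["authorization"] ?? "";
  const token = auth.replace(/^Bearer\s+/i, ""); // unchanged if the scheme is not Bearer
  return token !== auth && token && !/\s/.test(token) ? token : null;
}

// Token bucket per key owner: bursts up to `capacity`, refilled at `perSecond`.
class TokenBucket {
  private state = new Map<string, { tokens: number; at: number }>();
  private capacity: number;
  private perSecond: number;
  constructor(capacity: number, perSecond: number) {
    this.capacity = capacity;
    this.perSecond = perSecond;
  }
  take(id: string, nowMs: number): boolean {
    const s = this.state.get(id) ?? { tokens: this.capacity, at: nowMs };
    s.tokens = Math.min(this.capacity, s.tokens + ((nowMs - s.at) / 1000) * this.perSecond);
    s.at = nowMs;
    const ok = s.tokens >= 1;
    if (ok) s.tokens -= 1;
    this.state.set(id, s);
    return ok;
  }
}

// Usage counters for anomaly detection, keyed by owner id; raw keys are never stored.
const usage = new Map<string, { ok: number; limited: number }>();
let rejected = 0; // requests with a missing or invalid key

// Returns the HTTP status the route should answer with.
function guard(headers: HeaderMap, validate: Validate, bucket: TokenBucket, nowMs: number): number {
  const key = extractApiKey(headers);
  const owner = key ? validate(key) : null; // checked on the server for every request
  if (!owner) { rejected++; return 401; }
  const u = usage.get(owner.id) ?? { ok: 0, limited: 0 };
  usage.set(owner.id, u);
  if (!bucket.take(owner.id, nowMs)) { u.limited++; return 429; }
  u.ok++;
  return 200;
}
```

A rising `rejected` count or a single owner with a high `limited` count are the signals to alert on.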