API Keys

API keys let you call the Elacity API from scripts, CI pipelines, and deployed agents without a browser session. Each key is scoped to a single organization.

Create an API key

1. Sign in to elacity.ai and select your organization
2. Navigate to Settings → API Keys
3. Click Create API Key, give it a descriptive name (e.g. ci-deploy, production-agent), and confirm
4. Copy the key immediately — it is only shown once

Use the key

Send your API key on every authenticated request using either header below. The same key works across the entire API.

X-API-Key

$
curl -H "X-API-Key: YOUR_API_KEY" \
>
  -H "Content-Type: application/json" \
>
  https://elacity.ai/api/environments/list \
>
  -d '{"orgSlug": "your-org"}'

Authorization: Bearer

Many HTTP clients and SDKs (including OpenAI-compatible libraries) send credentials as a Bearer token by default:

$
curl -H "Authorization: Bearer YOUR_API_KEY" \
>
  -H "Content-Type: application/json" \
>
  https://elacity.ai/api/environments/list \
>
  -d '{"orgSlug": "your-org"}'

1
import OpenAI from "openai";
2
3
const client = new OpenAI({
4
  apiKey: "YOUR_API_KEY",
5
  baseURL: "https://elacity.ai/api", // use the path from the API reference for your endpoint
6
});

If you send both headers on the same request, X-API-Key takes precedence.

Missing or invalid keys return 401 Unauthorized.

Manage existing keys

From the Settings → API Keys page you can:

• View a list of all active keys with their names and creation dates
• Revoke a key you no longer need — revocation is immediate and cannot be undone

Security best practices

• Rotate regularly — create a new key and revoke the old one on a schedule that fits your security policy
• Use one key per integration — if a key is compromised you can revoke it without disrupting other systems
• Never commit keys to source control — use environment variables or a secrets manager instead
• Restrict network access where possible using firewall rules or allowlists

Next steps