Service Keys

Service keys are the backend automation credential for the AI platform. They are organization-scoped, long-lived, and intended for trusted server environments that need to manage resources or inspect runtime behavior programmatically.

This page documents the intended polished product model. The current app already supports listing, creating, fetching, and revoking service keys, but the docs intentionally describe the full backend automation story.

What service keys are

Service keys should be used for:

  • CI pipelines
  • server-side orchestration
  • internal admin tools
  • backend-triggered prompt, agent, and voice workflows
  • runtime inspection and cost analysis jobs

They should never be embedded in a browser or shipped to untrusted clients.

Current product support

The current app already exposes:

  • service key listing
  • service key creation
  • one-time raw key reveal and copy
  • revocation

The first preset is ai_platform_full_control, and the backend already authorizes service-key principals against resource scopes such as prompts, tools, agents, models, runs, and voice agents.

Treat service keys as infrastructure credentials:

  • store them in a secret manager
  • rotate them on a schedule
  • create separate keys for different systems
  • revoke immediately if exposed

Example workflow

Create a service key

curl -X POST "$API_BASE/api/service-keys" \
  -H "Authorization: Bearer $USER_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "organizationId": "org_123",
    "name": "CI deployment pipeline",
    "preset": "ai_platform_full_control"
  }'

Use a service key

curl "$API_BASE/api/prompts?organizationId=org_123" \
  -H "Authorization: Bearer $SERVICE_KEY"

Was this page helpful?