Manage API Keys with GraphOS Studio

List, rotate, and revoke GraphOS API keys in Studio

Manage your organization's API keys from one place in GraphOS Studio. Always create a unique key for each system to ensure you can rotate or revoke access without affecting unrelated workflows.

note
Only organization members with the Org Admin role can manage API keys.

Access your organization's API keys

To access your organization's API keys, go to your organization in GraphOS Studio and select the API keys tab.

List API keys

Use this list to review each key's name, type, status, expiration date, creation date, and last-used date.

Use the search field to find a key by name. Use the All types and All statuses filters to narrow the list.

note
Only subgraph, operator, and SCIM API keys are available in the organization's API keys tab. Find graph API keys in your graph's Settings page and personal API keys in your user settings.

View API key details

  1. Find the key you want to inspect.

  2. Select the ••• menu for the key.

  3. Select View details.

Review the key's metadata and resource access. For security reasons, you can't view an API key's value again after creating or rotating it.

Rename an API key

Use clear key names that describe the system or workflow that uses the key, such as Production router or Subgraph publish CI.

  1. Find the key you want to rename.

  2. Select the ••• menu for the key.

  3. Select Rename.

  4. Enter the new name and select Save.

Renaming a key doesn't change its value, permissions, or expiration date.

Update an API key's expiration

Always set expiration dates for API keys to ensure unused keys don't retain access indefinitely.

  1. Find the key you want to update.

  2. Select the ••• menu for the key.

  3. Select Update expiration.

  4. Choose the new expiration date and select Save.

Rotate an API key

Rotate a key when you need a new token value with the same permissions. GraphOS Studio creates a new key and sets the old key to expire, which gives you time to update the systems that use it.

  1. Find the key you want to rotate.

  2. Select the ••• menu for the key.

  3. Select Rotate.

  4. Enter a name for the new key.

  5. Optional: Choose when the old key expires. If you don't choose a date, the old key expires in one day.

  6. Review the current key details, including its resources and type.

  7. Select Rotate key.

  8. Copy the new key value and store it in a secure location. You can't view the value again after you close the modal.

  9. Update each system that uses the old key to use the new key.

After confirming your systems use the new key, delete the old key immediately to maintain a secure environment.

Revoke an API key

Revoke a key to stop its access before its expiration date.

caution
Revoking a key immediately prevents systems from authenticating with that key. Before you revoke an active production key, rotate it and update the systems that use it.

  1. Find the key you want to revoke.

  2. Select the ••• menu for the key.

  3. Select Revoke.

  4. Select Revoke to confirm.

Delete an API key

Delete keys that your organization no longer needs.

caution
Key deletion is permanent and can't be undone.

  1. Find the key you want to delete.

  2. Select the ••• menu for the key.

  3. Select Delete.

  4. Confirm the deletion.

Store API keys

After you create or rotate an API key, store the token value in your secret manager immediately. You can't view an API key's value after you create or rotate it.

For API key management with GraphOS Platform API operations, see Manage API keys with the Platform API.

For an overview of all key types, see API Keys.