Create and rotate API keys

API keys authenticate every request to the Segal API. Keys are prefixed sk_segal_ and scoped to a single project — they can do exactly what that project's role allows, and nothing in other projects.

Screenshot

console-api-keys-list

Console → API keys: a table of active keys showing name, role, last-used time, and the last four characters of each secret.

Create a key

Open API keys
Go to Console → API keys for the project you want the key scoped to.
Name it and pick a role
Give the key a recognizable name and assign a project role (owner, admin, billing, developer, or viewer). The key inherits that role's permissions.
Copy the secret once
The full sk_segal_… secret is shown once, at creation. Store it in your secret manager — Segal keeps only the last four characters for display.

Screenshot

console-api-keys-create

The create-key dialog with the one-time secret revealed and a copy button.

Treat the secret like a password

Never commit a key or embed it in client-side code. If a key leaks, rotate it (below) — the old secret stops working immediately.

Rotate or revoke

Rotate
Create a new key, deploy it, then delete the old one. Because the secret is only shown at creation, rotation always means "new key, then revoke old."
Revoke
Delete a key to revoke it. In-flight requests using it begin returning 401 immediately.

Use the key

Pass it as a bearer token on every request:

curl https://api.segalcompute.com/api/v1/domains \
  -H "Authorization: Bearer sk_segal_..."

The same key works with the SDK and CLI. See Authentication for the full contract.

Console-managed in this build

Key creation and rotation are console actions; there is no public key-management endpoint in the current OpenAPI spec. The keys you create here authenticate the documented resource endpoints.

← Previous

Navigating the console

Track spend & set caps