> ## Documentation Index
> Fetch the complete documentation index at: https://help.onetsolutions.net/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys

> Create and manage API keys for programmatic access to OnetSolutions services

API keys allow you to access OnetSolutions services programmatically. Use them to automate tasks, integrate with CI/CD pipelines, or build custom applications.

<Info>
  **Prerequisites**

  * An OnetSolutions account with an organization
</Info>

## Creating an API Key

<Steps>
  <Step title="Navigate to API Keys">
    Go to **Settings > API Keys** in your dashboard.
  </Step>

  <Step title="Click Create">
    Click the "Create API Key" button.
  </Step>

  <Step title="Configure the key">
    * **Name**: Give your key a descriptive name (e.g., "CI/CD Pipeline", "Monitoring Script")
    * **Expiration**: Optionally set an expiration date
    * **Scopes**: Select the permissions for this key
  </Step>

  <Step title="Copy the key">
    After creation, copy the API key immediately. It will only be shown once.
  </Step>
</Steps>

<Warning>
  Store your API key securely. Never share it publicly or commit it to version control.
</Warning>

## Using API Keys

Include your API key in the `Authorization` header of your requests:

```bash theme={null}
curl -X GET "https://api.onetsolutions.net/v1/instances" \
  -H "Authorization: Bearer YOUR_API_KEY"
```

## Managing API Keys

### Viewing Keys

The API Keys page shows all your active keys with:

* Key name
* Creation date
* Last used date
* Expiration date (if set)

### Revoking Keys

To revoke an API key:

1. Go to **Settings > API Keys**
2. Find the key you want to revoke
3. Click the delete/revoke button
4. Confirm the action

<Warning>
  Revoking a key is immediate and permanent. Any applications using the key will lose access.
</Warning>

## Project Tokens

For project-specific access, you can create tokens at **Settings > Project > Tokens**. These tokens are scoped to a specific project and have limited permissions.

## Best Practices

<AccordionGroup>
  <Accordion title="Use descriptive names">
    Name your keys based on their purpose (e.g., "Production Deploy", "Staging CI") to easily identify them later.
  </Accordion>

  <Accordion title="Set expiration dates">
    For temporary needs, set an expiration date to automatically revoke the key.
  </Accordion>

  <Accordion title="Use minimum required permissions">
    Only grant the scopes your application needs, following the principle of least privilege.
  </Accordion>

  <Accordion title="Rotate keys regularly">
    Create new keys and revoke old ones periodically to limit potential exposure.
  </Accordion>

  <Accordion title="Use environment variables">
    Never hardcode API keys in your application code. Use environment variables instead.
  </Accordion>
</AccordionGroup>

## API Documentation

<Card title="API Reference" icon="book" href="/api-reference/introduction">
  Explore the full API documentation to see available endpoints and parameters.
</Card>
