API Key Management

API keys provide programmatic access to the Atlas API. Use them to authenticate requests from the TypeScript SDK, MCP server, or embeddable widget without requiring interactive login.

Overview

Route: /admin/api-keys

The API Keys page lists all keys for your workspace. Each row shows the key name, masked key prefix, creation date, last used timestamp, expiration status, and a Revoke action.

Creating a Key

1. Click Create API Key
2. Enter a descriptive name (e.g. "Production API", "MCP Server")
3. Click Create
4. Copy the key from the dialog — it is only shown once

The key is scoped to your current organization (workspace). In SaaS mode, each workspace manages its own keys independently.

Revoking a Key

1. Click the Revoke button on the key row
2. Confirm in the dialog

Revocation is immediate and permanent. Any application using the revoked key will receive 401 Unauthorized responses.

Using API Keys

Pass the key in the Authorization header:

curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://your-atlas.example.com/api/v1/chat

SDK

import Atlas from "@useatlas/sdk";

const atlas = new Atlas({
  apiKey: "YOUR_API_KEY",
  baseUrl: "https://your-atlas.example.com",
});

MCP Server

Set the ATLAS_API_KEY environment variable when starting the MCP server, or pass it in the MCP client configuration.

Embeddable Widget

<script
  src="https://your-atlas.example.com/widget.js"
  data-api-key="YOUR_API_KEY"
></script>

SaaS vs Self-Hosted

The UI and workflow are identical in both modes. In SaaS deployments, keys are automatically scoped to the active workspace.

API Endpoints

All endpoints require admin authentication.

See Also

• SDK Reference — Use API keys with the TypeScript SDK
• MCP Server — Configure Atlas as an MCP tool provider
• Embedding Widget — Embed Atlas in your application
• Authentication — Auth modes and configuration