API Keys
API keys let your applications authenticate with the AuthDuty REST API. Keys are scoped to your team - any request authenticated with your key accesses your team's data.
Creating an API Key
- Go to Settings → API Keys (Lead or Developer role required).
- Click Create API Key.
- Give the key a descriptive name (e.g., "Production API" or "Staging").
- Copy and securely store the key. It will only be shown once.
Important: The full API key is only displayed at creation time. We store a hashed version - if you lose the key, you'll need to create a new one.
Using API Keys
Include your API key in the Authorization header:
Authorization: Bearer ad_live_XXXXXXXXXXXXXXXX
All API keys use the ad_live_ prefix. See the API documentation for endpoint details.
Managing Keys
From the API Keys settings page you can:
- View all keys with their names and last-used timestamps
- Revoke a key to immediately disable it
Each team can have up to 25 active API keys. Revoked keys don't count toward this limit.
Security Best Practices
- Never commit API keys to source control
- Use environment variables to store keys in your application
- Create separate keys for production and staging environments
- Revoke keys immediately if they may have been exposed
- Rotate keys periodically - create a new one, update your application, then revoke the old one
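One way to enforce the first practice above is to scan files for the documented ad_live_ prefix before they are committed. This is an added example, not AuthDuty's own tooling: the token character set and the 16-character minimum after the prefix are assumptions (the page documents only the prefix), and the sample key is constructed.

```python
import re
import sys

# Assumption: the secret part after the documented "ad_live_" prefix is
# 16+ characters of [A-Za-z0-9_-]. The page documents only the prefix.
KEY_RE = re.compile(r"\bad_live_([A-Za-z0-9_-]{16,})")


def is_placeholder(secret):
    """Treat single-character runs such as XXXXXXXXXXXXXXXX as doc placeholders."""
    return len(set(secret)) == 1


def redact(key):
    """Keep the prefix and last 4 characters so a finding can be matched to a key."""
    return "ad_live_" + "*" * 8 + key[-4:]


def scan_text(text, source="<input>"):
    """Return (source, line_number, redacted_key) for each likely live key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            if not is_placeholder(match.group(1)):
                findings.append((source, lineno, redact(match.group(0))))
    return findings


def scan_files(paths):
    """Scan files (e.g. the staged files passed in by a pre-commit hook)."""
    findings = []
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as handle:
            findings.extend(scan_text(handle.read(), source=path))
    return findings


# Constructed sample input; the key below is made up for this example.
SAMPLE = """\
AUTHDUTY_API_KEY = os.environ["AUTHDUTY_API_KEY"]
headers = {"Authorization": "Bearer ad_live_XXXXXXXXXXXXXXXX"}
API_KEY = "ad_live_9fQ2xLm7Zr4TbV1c"
"""

if __name__ == "__main__":
    results = scan_files(sys.argv[1:]) if len(sys.argv) > 1 else scan_text(SAMPLE)
    for source, lineno, key in results:
        print(f"{source}:{lineno}: possible AuthDuty API key {key}")
    sys.exit(1 if results else 0)
```

Run with file paths as arguments, the script exits non-zero on any finding, so it can block a commit; findings are printed redacted so the scanner's own output does not expose the key.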