Summary
API Keys allow your applications, scripts, and backend services to securely access Astra APIs without requiring a user to sign in through the web interface each time. This article explains what API Keys are, how to create and use them, and how to manage or revoke existing keys.
Instructions
What is an API Key?
An API Key is a secret credential that starts with sk_live_. It allows your application to authenticate and make requests to Astra APIs programmatically.
API Keys are commonly used when you need a system-to-system connection that runs automatically without user interaction.
Recommended use cases
API Keys are ideal when you want to:
Sync qualified leads from Astra to your CRM automatically.
Create custom dashboards by pulling conversation and lead data from Astra.
Trigger business workflows when an AI agent captures a new lead.
Send conversation data to internal analytics or reporting systems.
When not to use API Keys
API Keys are not recommended for public-facing applications where each user needs to grant access to their own account.
In these cases, use OAuth authentication instead.
How to create an API Key
To create a new API Key:
Log into your Astra account.
Go to Account > API Keys.
Click Create Key.
Enter a descriptive name for the key, such as Production CRM Sync.
Click Create.
Important: Save your API Key immediately
After the key is created, Astra displays the complete API Key only once.
Make sure you copy and store the key in a secure location before closing the notification or leaving the page.
Afterward, Astra will only display a shortened prefix of the key for identification purposes. The full key cannot be viewed again.
How to use an API Key
After creating an API Key, add it to your application, script, or integration.
When making API requests, include the key in the request authorization header, typically as a Bearer token.
Once configured, your application can securely access Astra APIs without requiring users to sign in through a browser.
Manage existing API Keys
The API Keys page displays information about all active keys.
Column | Description |
Name | The name assigned to the API Key during creation |
Key prefix | The first few characters of the API Key, used to identify the key |
Created | The date and time when the key was created |
Last used | The most recent time the key was used; remains blank if the key has never been used |
How to revoke an API Key
You may need to revoke an API Key if:
The key was exposed or shared unintentionally
An integration is no longer required
A team member with access to the key has left the organization
You are rotating credentials as part of a security process
To revoke an API Key:
Locate the key in the API Keys list.
Click the Delete option.
Confirm the action.
What happens after revocation?
The API Key becomes invalid immediately.
Any application, script, or integration using that key will no longer be able to access Astra APIs until a new valid key is configured.
Security best practices when working with API Keys
Follow these recommendations to keep your API Keys secure:
Never include API Keys in frontend or client-side code.
Store API Keys in a secure secret manager or environment variable.
Use separate API Keys for testing and production environments.
Rotate API Keys regularly.
Revoke unused or outdated keys.
If an API Key is compromised, revoke it immediately and create a new one.