API Keys
Project API keys authenticate your applications, SDKs, and OpenTelemetry exporters when they send data to — or read data from — a project. Each project has its own keys.
Manage them under Project Settings → API Keys. These are distinct from Provider API Keys (which let the platform call LLM providers) and from Shadow AI keys.
Public and secret keys
A project API key has two parts:
| Key | Use |
|---|---|
| Public key | Identifies the project. Used together with the secret key by SDKs/exporters. |
| Secret key | The credential. Shown in full only once at creation — store it securely. |
Creating a key
Generate
In Project Settings → API Keys, create a key pair. Copy the secret immediately — it isn't shown again.
Configure your client
Set the keys in your SDK or OTLP exporter (see Sending Data In).
Rotate or revoke
Create a new key pair to rotate, and delete old keys to revoke access. Use separate keys per environment or service so you can revoke one without disrupting the rest.
Treat the secret key like a password — never commit it to source control or expose it in client-side code. Rotate periodically and revoke any key you suspect is leaked.
Next steps
- Sending Data In — use keys to ingest traces.
- API Reference — authenticate REST calls.