API Key Management
Manage API keys for authenticating your applications with TerraScale.
Creating an API Key
Section titled “Creating an API Key”Step 1: Navigate to API Keys
Section titled “Step 1: Navigate to API Keys”Click API Keys in the sidebar to open the API key management page.
Step 2: Click Create
Section titled “Step 2: Click Create”Click the “Create API Key” button to open the creation dialog.
Step 3: Configure the Key
Section titled “Step 3: Configure the Key”| Field | Description | Required |
|---|---|---|
| Name | Descriptive identifier (e.g., “Production Backend”) | Yes |
| Scopes | Permissions the key will have | Yes |
| Expiration | Optional expiration date | No |
Step 4: Select Scopes
Section titled “Step 4: Select Scopes”Choose the permissions for your API key:
| Scope | Description |
|---|---|
database:read | Read data from databases |
database:write | Write and delete data |
database:* | Full database access (read + write) |
repository:read | Read from repositories |
repository:write | Write to repositories |
repository:* | Full repository access |
* | Full access to all operations |
Step 5: Create and Copy
Section titled “Step 5: Create and Copy”- Click “Create”
- Copy your API key immediately
- Store it securely
The full API key is only shown once. After closing the dialog, you can only see the key prefix.
API Key List
Section titled “API Key List”The API Keys page displays all your keys with:
| Column | Description |
|---|---|
| Name | Descriptive name |
| Key Prefix | First characters of the key (e.g., ts_live_abc...) |
| Status | Active, Revoked, or Expired |
| Scopes | Assigned permissions |
| Created | Creation date |
| Last Used | Most recent usage timestamp |
| Expires | Expiration date (if set) |
Filtering Keys
Section titled “Filtering Keys”- Search: Filter by key name
- Status Filter: Show Active, Revoked, or Expired keys
- Sort: Click column headers to sort
Key Status
Section titled “Key Status”The key is valid and can be used for API requests.
- Green status indicator
- Can be revoked at any time
- Shows last used timestamp
The key has been manually disabled and cannot be used.
- Red status indicator
- Revocation is permanent
- Cannot be re-activated
The key has passed its expiration date.
- Yellow status indicator
- Automatically stops working at expiration
- Cannot be extended
Revoking an API Key
Section titled “Revoking an API Key”To revoke a key:
- Find the key in the API Keys list
- Click the menu icon (three dots) on the right
- Select “Revoke”
- Confirm the action
Revocation is immediate and permanent. Any application using the key will receive 401 Unauthorized errors.
Best Practices
Section titled “Best Practices”Naming Conventions
Section titled “Naming Conventions”Use descriptive names that identify the key’s purpose:
| Good Examples | Bad Examples |
|---|---|
Production Backend API | key1 |
Mobile App - iOS | test |
CI/CD Pipeline | my key |
Development Server | asdf |
Scope Selection
Section titled “Scope Selection”Follow the principle of least privilege:
// Good: Specific permissions{ "scopes": ["database:read", "repository:read"] }
// Avoid: Overly broad permissions{ "scopes": ["*"] }Recommendations:
- Read-only services: Use
database:readonly - Backend APIs: Use
database:readanddatabase:write - Management tools: Use specific scopes as needed
- Never use
*in production unless absolutely necessary
Key Rotation
Section titled “Key Rotation”Rotate API keys regularly:
- Create a new key with the same scopes
- Update your application to use the new key
- Verify the new key works correctly
- Revoke the old key
Recommended rotation schedule:
- Production keys: Every 90 days
- Development keys: Every 180 days
- CI/CD keys: Every 90 days
Expiration Dates
Section titled “Expiration Dates”Set expiration dates for temporary keys:
| Use Case | Recommended Expiration |
|---|---|
| Temporary access | 24 hours - 7 days |
| Contractor access | Project duration |
| Testing | 30 days |
| Production | No expiration (rotate manually) |
Security Guidelines
Section titled “Security Guidelines”- Use different keys for different environments
- Set expiration dates for temporary access
- Monitor “Last Used” timestamps for suspicious activity
- Revoke unused keys promptly
- Store keys in environment variables or secret managers
- Share keys between applications
- Commit keys to source control
- Use production keys in development
- Grant more permissions than needed
- Keep keys active after project completion
Viewing Key Usage
Section titled “Viewing Key Usage”Track API key usage:
- Find the key in the list
- Check the Last Used column
- Click the key name for detailed usage metrics
Usage metrics include:
- Total requests
- Requests by operation type
- Error rates
- Geographic distribution
Troubleshooting
Section titled “Troubleshooting”Key Not Working
Section titled “Key Not Working”| Issue | Solution |
|---|---|
401 Unauthorized | Check key is Active, not Revoked or Expired |
403 Forbidden | Verify key has required scopes |
| Key not recognized | Ensure correct prefix (ts_live_ or ts_test_) |
| Intermittent failures | Check rate limits |
Lost API Key
Section titled “Lost API Key”If you’ve lost an API key:
- You cannot recover it - keys are only shown once
- Create a new key with the same scopes
- Update your application configuration
- Revoke the old key
Next Steps
Section titled “Next Steps”- Authentication Reference - API key authentication details
- Security Settings - Enable 2FA for your account
- C# SDK Guide - Use keys in your application