API Keys
Create and manage API keys to authenticate requests to the commandAGI API.
Overview
API keys are used to authenticate requests to the commandAGI API. Each key is associated with your user account and can optionally be scoped to a specific project.
Project-Scoped
Keys can be limited to specific projects
Expiration
Set optional expiration dates
Usage Tracking
Monitor key usage and last access
Creating Keys via Dashboard
The easiest way to create API keys is through the project dashboard:
- 1
Navigate to your project's API Keys page
- 2
Click Create Key and enter a descriptive name
- 3
Copy and save the key immediately - it won't be shown again
Important: The full API key is only displayed once when created. Store it securely - you'll only see the prefix (cagi_abc...) afterwards.
Creating Keys via API
You can also create API keys programmatically using an existing key:
curl -X POST https://api.commandAGI.com/api/api-keys \
-H "Authorization: Bearer YOUR_EXISTING_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Production API Key",
"projectId": "proj_abc123",
"expiresInDays": 90
}'{
"key": "cagi_abc123def456ghi789jkl012mno345pqr678stu901vwx",
"id": "key_xyz789",
"name": "Production API Key",
"prefix": "cagi_abc123",
"expiresAt": "2024-04-15T10:30:00Z",
"createdAt": "2024-01-15T10:30:00Z",
"warning": "Save this key securely - it will not be shown again"
}| Parameter | Type | Description |
|---|---|---|
| name | string | Required. A descriptive name for the key |
| projectId | string | Optional. Scope key to a specific project |
| expiresInDays | number | Optional. Number of days until key expires |
Listing API Keys
Retrieve all active API keys for your account:
curl https://api.commandAGI.com/api/api-keys \
-H "Authorization: Bearer YOUR_API_KEY"
# Filter by project
curl "https://api.commandAGI.com/api/api-keys?projectId=proj_abc123" \
-H "Authorization: Bearer YOUR_API_KEY"{
"keys": [
{
"id": "key_xyz789",
"name": "Production API Key",
"prefix": "cagi_abc123",
"projectId": "proj_abc123",
"lastUsedAt": "2024-01-20T14:22:00Z",
"usageCount": 1247,
"expiresAt": "2024-04-15T10:30:00Z",
"createdAt": "2024-01-15T10:30:00Z"
}
]
}Revoking API Keys
Revoke an API key to immediately disable it. This action cannot be undone.
curl -X DELETE "https://api.commandAGI.com/api/api-keys?id=key_xyz789" \
-H "Authorization: Bearer YOUR_API_KEY"{
"success": true
}Best Practices
Use Environment Variables
Never hardcode API keys in your source code. Use environment variables instead.
# .env
COMMANDAGI_API_KEY=cagi_abc123...
# Usage
const apiKey = process.env.COMMANDAGI_API_KEY;Separate Keys per Environment
Create distinct API keys for development, staging, and production. This allows you to revoke compromised keys without affecting other environments.
Set Expiration Dates
Use expiresInDays to create keys that automatically expire. This limits exposure if a key is compromised.
Monitor Usage
Regularly review the lastUsedAt and usageCount fields to identify unused keys that should be revoked.