Skip to main content
To interact with the Unkey API to manage resources such as APIs or keys, you need a root key. Root keys are scoped per workspace and you can fine tune their access permissions when creating a key or update later on the fly.
It’s a good practice to provide as few permissions as possible, to minimize the potential impact of a leaked key.
1

Start

  1. Go to https://app.unkey.com and sign in.
  2. Using the left sidebar menu navigate to Settings, then Root Keys.
  3. Click the New root key button in the top right of the screen.
You should see the following modal.
2

Name and Permissions

  1. Optionally enter a name. This is internal only and not customer-facing.
  2. Click the Select Permissions... button.
  3. Add your workspace-wide permissions. These permissions affect and override the per-API permissions below.
  4. For each API in your workspace, you can enable fine-grained permissions.
  5. Click Create New Key at the bottom.
3

Copy your key

Be sure to copy the key before closing the window. There is no way to recover it later

What should I do if a root key is leaked?

If you leak a root key - for instance, by accidentally checking it in to version control - you should immediately revoke the root key and replace it with a new, secure key. Root keys are secrets, and should never be exposed publicly.