# API Keys

## Overview

Kognitos provides a self-service console for creating and managing API keys. Keys can be scoped to an entire **organization** or a specific **agent**, depending on the level of access required.

{% @supademo/embed url="<https://app.supademo.com/demo/cmdyu4k1e08pih5wkacfe3gxs>" demoId="cmdyu4k1e08pih5wkacfe3gxs" %}

## Creating and Managing API Keys

API keys can be created and managed by:

* **Organization Admins**: Can create and manage organization-level and agent-level keys.
* **Agent Admins**: Can create and manage only agent-level keys.

### API Key Creation

An organization can have up to **10 API keys** in total, including organization-level and agent-level keys. Follow these steps to create a new one:

{% stepper %}
{% step %}
**Navigate to API Keys**

Click on the **user icon** in the top right, then navigate to **API Keys**.
{% endstep %}

{% step %}
**New API Key**

Click on <kbd>New API Key</kbd>.
{% endstep %}

{% step %}
**Configure and Create**

Configure your key's **Name** and **Scope**. If scoping the key to an agent, select the agent from the dropdown menu. Then, click on <kbd>Create</kbd> to generate your secret key.
{% endstep %}

{% step %}
**Secure Your Secret Key**

Copy and save your secret key. Then, click on <kbd>Done</kbd>.

{% hint style="warning" %}
For security reasons, the secret won’t be accessible again through Kognitos. If you lose it, you'll need to generate a new one.
{% endhint %}
{% endstep %}
{% endstepper %}

### API Key Management

Click the three-dot menu (<kbd>⋮</kbd>) to the right of an API key to access management options. From there, you can **edit**, **delete**, or check the **usage** of an existing key.

#### Edit

API keys can be renamed at any time. However, a key's *scope* (organization or agent) cannot be changed after creation.

#### Usage

Usage displays the rate limits, quotas, and utilization details for a given key.

#### Delete

API keys do not expire automatically. If a key is no longer needed, you can delete it to revoke access immediately.

<figure><img src="https://681267560-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyXsMyN9vMn8AoQ4BYIwT%2Fuploads%2Fgit-blob-b838d0bc5cf5ff2d1bf34bc36701be5196832ff3%2FAPI-key-management.png?alt=media" alt=""><figcaption><p>Management Options for API Keys</p></figcaption></figure>

## Troubleshooting

### 1. Error: "access not permitted" or `statusCode: 401`

This error typically means your API key is invalid or has been revoked. If a key was working previously but is now returning this error, it may have been deleted by an administrator.

{% hint style="info" %}
Contact your **Admin** to confirm the status of your key. They can verify if the key is still active and provide you with a new one if needed.
{% endhint %}

### 2. Unable to create a new API key

If you're an admin and can't create new API keys, you may have reached your organization's limit. An organization can have up to **10 API keys** in total, including organization-level and agent-level keys. You'll need to delete an existing, unused API key to free up a slot before you can create a new one.

{% hint style="success" %}
**Here to Help!**

If you have questions or need assistance with API Keys, please contact our support team at <support@kognitos.com> or via our platform's **Support AI Assistance Chat** *(preferred)*.
{% endhint %}