# API Keys

## Overview

Kognitos provides a self-service console for creating and managing API keys. Keys can be scoped to an entire **organization** or a specific **agent**, depending on the level of access required.

{% @supademo/embed url="<https://app.supademo.com/demo/cmdyu4k1e08pih5wkacfe3gxs>" demoId="cmdyu4k1e08pih5wkacfe3gxs" %}

## Creating and Managing API Keys

API keys can be created and managed by:

* **Organization Admins**: Can create and manage organization-level and agent-level keys.
* **Agent Admins**: Can create and manage only agent-level keys.

### API Key Creation

An organization can have up to **10 API keys** in total, including organization-level and agent-level keys. Follow these steps to create a new one:

{% stepper %}
{% step %}
**Navigate to API Keys**

Click on the **user icon** in the top right, then navigate to **API Keys**.
{% endstep %}

{% step %}
**New API Key**

Click on <kbd>New API Key</kbd>.
{% endstep %}

{% step %}
**Configure and Create**

Configure your key's **Name** and **Scope**. If scoping the key to an agent, select the agent from the dropdown menu. Then, click on <kbd>Create</kbd> to generate your secret key.
{% endstep %}

{% step %}
**Secure Your Secret Key**

Copy and save your secret key. Then, click on <kbd>Done</kbd>.

{% hint style="warning" %}
For security reasons, the secret won’t be accessible again through Kognitos. If you lose it, you'll need to generate a new one.
{% endhint %}
{% endstep %}
{% endstepper %}

### API Key Management

Click the three-dot menu (<kbd>⋮</kbd>) to the right of an API key to access management options. From there, you can **edit**, **delete**, or check the **usage** of an existing key.

#### Edit

API keys can be renamed at any time. However, a key's *scope* (organization or agent) cannot be changed after creation.

#### Usage

Usage displays the rate limits, quotas, and utilization details for a given key.

#### Delete

API keys do not expire automatically. If a key is no longer needed, you can delete it to revoke access immediately.

<figure><img src="/files/XgH1sQvf9PqAX5BZzAKO" alt=""><figcaption><p>Management Options for API Keys</p></figcaption></figure>

## Troubleshooting

### 1. Error: "access not permitted" or `statusCode: 401`

This error typically means your API key is invalid or has been revoked. If a key was working previously but is now returning this error, it may have been deleted by an administrator.

{% hint style="info" %}
Contact your **Admin** to confirm the status of your key. They can verify if the key is still active and provide you with a new one if needed.
{% endhint %}

### 2. Unable to create a new API key

If you're an admin and can't create new API keys, you may have reached your organization's limit. An organization can have up to **10 API keys** in total, including organization-level and agent-level keys. You'll need to delete an existing, unused API key to free up a slot before you can create a new one.

{% hint style="success" %}
**Here to Help!**

If you have questions or need assistance with API Keys, please contact our support team at <support@kognitos.com> or via our platform's **Support AI Assistance Chat** *(preferred)*.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.kognitos.com/legacy/legacy-experience/account/api-keys.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.