API keys

Applies to: Developer · Team · Enterprise — Last reviewed 2026-06-29

An API key authenticates your requests and ties usage to an organization. Keys are stored only as a hash; the plaintext sk- key is shown once at creation.

Create a key

Open the Console and go to API Keys.
Create an organization, then create a key scoped to it.
Copy the secret immediately — it cannot be shown again.

Use environment variables. Never hardcode a key or commit it to source control.

Use the key

export GOTOAI_API_KEY="sk-…"
curl {{api_base}}/models -H "Authorization: Bearer $GOTOAI_API_KEY"

Scopes & roles

Keys carry scopes. A chat key can call the API; an org_admin key can mint chat keys for its own org; platform admin manages everything. An org admin can never elevate a key beyond its own scopes.

Revoke a key

Revoke from the Console (or POST /v1/admin/api-keys/revoke). Revocation takes effect immediately and the key returns 401 thereafter.

Next steps

Switch your OpenAI app to GotoAI
Authentication errors