API keys
An API key authenticates your requests and ties usage to an organization. Keys are stored only as a hash; the plaintext sk- key is shown once at creation.
Create a key
- Open the Console and go to API Keys.
- Create an organization, then create a key scoped to it.
- Copy the secret immediately — it cannot be shown again.
Use environment variables. Never hardcode a key or commit it to source control.
Use the key
export GOTOAI_API_KEY="sk-…"
curl {{api_base}}/models -H "Authorization: Bearer $GOTOAI_API_KEY"Scopes & roles
Keys carry scopes. A chat key can call the API; an org_admin key can mint chat keys for its own org; platform admin manages everything. An org admin can never elevate a key beyond its own scopes.
Revoke a key
Revoke from the Console (or POST /v1/admin/api-keys/revoke). Revocation takes effect immediately and the key returns 401 thereafter.