Bearer tokens · scoped + revocable

API keys

Pass the key in the request header as Authorization: Bearer <key>. The plaintext is shown ONCE, on creation; store it now, because we can't recover it later. Revocation is immediate.

API keys are scrypt-hashed at rest. Driftstack staff cannot read your keys — a database breach surfaces hashes, not keys. If a key leaks, revoke + rotate; no admin recovery path exists.

  • production

    ds_live_a1b2c3d4

    Created 24 days ago · last used 6 days ago

    read write

Scopes: read (list/get-only), write (create sessions, navigate, interact), account_owner (manage webhooks, billing, mint other keys — V-174). Always create the narrowest-scoped key the job needs.
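
The show-once, scrypt-at-rest and scope-check behaviour described above can be sketched as follows. This is an added example, not Driftstack's code: the scrypt cost parameters, the `ds_live_<id>_<secret>` key layout, the in-memory `STORE` and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed scrypt cost parameters; the page does not state the ones in use.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)
STORE = {}  # key_id -> record; hypothetical stand-in for the database


def _hash(secret: str, salt: bytes) -> bytes:
    return hashlib.scrypt(secret.encode(), salt=salt, **SCRYPT)


def mint_key(scopes):
    """Return the plaintext key once; persist only salt, hash and scopes."""
    key_id = secrets.token_hex(4)        # non-secret lookup prefix
    secret = secrets.token_urlsafe(32)   # never stored
    salt = secrets.token_bytes(16)
    STORE[key_id] = {"salt": salt, "hash": _hash(secret, salt),
                     "scopes": frozenset(scopes), "revoked": False}
    return f"ds_live_{key_id}_{secret}"  # assumed layout


def authorize(header: str, needed: str) -> bool:
    """Validate an Authorization header value and require one scope."""
    scheme, _, token = header.partition(" ")
    if scheme != "Bearer" or not token.startswith("ds_live_"):
        return False
    key_id, _, secret = token[len("ds_live_"):].partition("_")
    rec = STORE.get(key_id)
    if rec is None or rec["revoked"] or not secret:
        return False
    # Constant-time comparison of the recomputed hash with the stored one.
    ok = hmac.compare_digest(_hash(secret, rec["salt"]), rec["hash"])
    return ok and needed in rec["scopes"]


def revoke(key_id: str) -> None:
    """Flag the key; authorize() rejects it from the next request on."""
    STORE[key_id]["revoked"] = True
```

Because only the salt and hash are kept, nothing in `STORE` lets an operator reconstruct a key, which is why a leaked key can only be revoked and replaced.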