API Keys

Create, list, and revoke API keys from the dashboard page at https://ghostspeak.io/dashboard/api-keys. This page documents the current dashboard implementation in packages/web/app/dashboard/api-keys/page.tsx.

Managing keys (dashboard)

Keys are created and revoked via the dashboard UI.
When you create a key, the plaintext API key is revealed once (in a one-time reveal dialog). After you dismiss it, it cannot be shown again.
After creation, the dashboard only stores/displays a non-secret prefix (keyPrefix) so you can identify a key later.

Treat your API key like a password. If you lose it (or suspect it’s been exposed), revoke it and create a new one.

Using your API key

Send the key using the recommended header contract:

Authorization: Bearer <apiKey>

Example (consistent with the dashboard “Usage” card):

curl -H "Authorization: Bearer <apiKey>" \
  https://api.ghostspeak.io/...

The dashboard UI also notes that X-API-Key is accepted as an alias for compatibility (see packages/web/app/dashboard/api-keys/page.tsx).

Developer notes (Convex)

API key management is implemented in Convex:

Functions live in packages/web/convex/apiKeys.ts:
- listMyApiKeys() (list keys with safe fields only)
- createApiKey() (returns the plaintext key once)
- revokeApiKey()
- verifyApiKey() (internal helper that hashes + checks isActive and updates lastUsedAt)
Helpers live in packages/web/convex/apiKeyHelpers.ts:
- generateApiKeyMaterial()
- sha256Hex()

Introduction

Core Concepts

SDK Documentation

ElizaOS Plugin

CLI Documentation

Web Dashboard

Guides & Tutorials

Reference

Resources

API Keys

API Keys

Managing keys (dashboard)

Using your API key

Developer notes (Convex)

Introduction

Core Concepts

SDK Documentation

ElizaOS Plugin

CLI Documentation

Web Dashboard

Guides & Tutorials

Reference

Resources

​API Keys

​Managing keys (dashboard)

​Using your API key

​Developer notes (Convex)

API Keys

Managing keys (dashboard)

Using your API key

Developer notes (Convex)