> ## Documentation Index
> Fetch the complete documentation index at: https://docs.turen.io/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys

> Manage programmatic access to the Turen API

API keys allow programmatic access to the Turen dashboard API. Use them for integrations, automation, and scripts.

## Key Format

API keys use the prefix `sk_live_` followed by a random string:

```
sk_live_abc123def456...
```

## Plan Limits

The number of API keys you can create depends on your plan:

| Plan  | Max API Keys |
| ----- | ------------ |
| Solo  | 1            |
| Teams | 10           |

## Creating an API Key

Navigate to **Platform Settings > Org Settings > API Keys** (`/settings/api-keys`).

<Steps>
  <Step title="Click Create Key">
    Click the **Create Key** button.
  </Step>

  <Step title="Enter key details">
    Provide a name (required) and optional description for the key.
  </Step>

  <Step title="Copy the key">
    The full key is shown once. Copy it immediately: you won't be able to see it again.
  </Step>
</Steps>

<Warning>
  Store API keys securely. Treat them like passwords: never commit them to source control or share them in plain text.
</Warning>

## Using an API Key

Include the key in the `X-API-Key` header:

```bash theme={null}
curl -H "X-API-Key: sk_live_your_key_here" \
  https://api.prod.turen.io/api/v1/stats/summary
```

API keys have the same access as the dashboard: they can query events, agents, sessions, and stats.

## Managing Keys

From **Org Settings > API Keys** (`/settings/api-keys`), you can:

* **View all keys**: See key names, descriptions, creation dates, last-used timestamps, and status
* **Revoke a key**: Click the stop icon to disable a key immediately
* **Delete a key**: Permanently remove a revoked key by clicking the trash icon

Keys can have one of three statuses: **active**, **revoked**, or **expired**.

<Note>
  Revoking a key is immediate. Any integrations using the revoked key will stop working right away.
</Note>

## Best Practices

* **Use descriptive names** so you know what each key is for
* **Rotate keys regularly**: create a new key, update your integrations, then revoke the old one
* **Use one key per integration**: this way you can revoke access for a single integration without affecting others
* **Monitor last-used timestamps**: keys that haven't been used recently may be stale and should be revoked
