> ## Documentation Index
> Fetch the complete documentation index at: https://docs.therefrain.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys

> Generate and manage API keys for programmatic access.

## Overview

API keys allow programmatic access to the Refrain API. Use them to trigger executions from CI/CD, scripts, or the [SDK](/sdk/overview).

## Creating an API key

<Steps>
  <Step title="Go to API Keys settings">
    Navigate to **Settings > API Keys**. Requires Admin role or above.
  </Step>

  <Step title="Click Create">
    Click the **Create API Key** button.
  </Step>

  <Step title="Name the key">
    Give the key a descriptive name (e.g., "CI/CD Pipeline", "Staging Tests").
  </Step>

  <Step title="Copy the key">
    The full key is shown only once. Copy and store it securely.
  </Step>
</Steps>

<Note>
  Community plan cannot create API keys. Upgrade to Pro or higher.
</Note>

## Using an API key

### SDK

```typescript theme={null}
const client = new Refrain({
  ai: { ... },
  apiKey: "rfn-eyJ...",
});
```

### CLI

```bash theme={null}
npx @refrainai/cli execute -- \
  --runbook ./flow.yaml \
  --api-key "rfn-eyJ..."
```

Or via environment variable:

```bash theme={null}
export REFRAIN_API_KEY="rfn-eyJ..."
```

## Managing API keys

| Action     | Description                                                |
| ---------- | ---------------------------------------------------------- |
| **View**   | See key name, creation date, last used date, and status    |
| **Revoke** | Permanently disable a key (soft delete — cannot be undone) |

Revoked keys show a `revoked` badge and can no longer authenticate.

## Security

* The full key is displayed only once at creation time — store it securely
* Revoked keys cannot be re-enabled
* Keys inherit the tenant's plan tier