API keys are secrets used by Appwrite Server SDKs and the Appwrite CLI to prove their identity. What each API key can access is restricted by scopes instead of permissions.
Best practice
Grant an API key only the scopes it needs to meet your project's goals. Treat API keys as secrets: never share them, and keep them out of client applications.
API keys vs Dev keys
API keys and Dev keys are not the same and cannot be used interchangeably.
API keys permit access to Appwrite services in production environments, with access controlled through scopes to ensure secure and controlled server-side operations. Dev keys, conversely, are specifically designed to help you avoid abuse limits and CORS errors in test and development environments.
API keys are for server SDKs and the CLI in production environments, while Dev keys are for client SDKs in development environments.
Create API key
To create a new API key, navigate to Overview > Integration > API keys and click Create API key.
You can then use the API key to initialize the Appwrite client in your server-side apps.
When adding a new API key, you can choose which scopes to grant your application. If you need to replace your API key, create a new key, update your app credentials and, once ready, delete your old key.
Manage API keys with a Server SDK
You can also manage API keys programmatically using a Server SDK. This requires an API key with the keys.read and keys.write scopes.
Sensitive scopes
The keys.read and keys.write scopes are very sensitive. An API key with keys.write can create new keys with any scope, effectively granting full access to your project. Only assign these scopes to keys used in trusted, secure environments, and never expose them in client-side applications.
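One way to check a key inventory against the two rules above (grant only the scopes a workload needs, and treat keys.read and keys.write as very sensitive), as an added example rather than Appwrite's own code. The key objects, the policy map and the severity labels are assumptions made for illustration, and the sample data is constructed.

```javascript
// Added example. Key inventory and policy are constructed sample data; the
// field names (name, scopes) are assumptions, not captured Appwrite output.
const SENSITIVE = new Set(["keys.read", "keys.write"]);
const SCOPE_FORMAT = /^[a-z]+\.(read|write)$/; // shape of every scope on this page

function auditKey(key, requiredScopes = []) {
  const required = new Set(requiredScopes);
  const granted = new Set(key.scopes);
  const report = {
    name: key.name,
    // keys.write can create keys with any scope: treat as full project access.
    effectiveFullAccess: granted.has("keys.write"),
    excess: [],    // granted but not needed by the workload
    missing: requiredScopes.filter((s) => !granted.has(s)).sort(), // needed, not granted
    malformed: [], // not of the form service.read / service.write
  };
  for (const scope of granted) {
    if (!SCOPE_FORMAT.test(scope)) report.malformed.push(scope);
    else if (!required.has(scope)) report.excess.push(scope);
  }
  report.excess.sort();
  if (report.excess.some((s) => SENSITIVE.has(s))) report.severity = "high";
  else if (report.excess.length || report.malformed.length) report.severity = "medium";
  else if (report.effectiveFullAccess) report.severity = "review"; // needed; confirm the runtime is trusted
  else report.severity = "ok";
  return report;
}

// A key with no policy entry has no documented need, so every scope is excess.
function auditInventory(keys, policy) {
  return keys.map((key) => auditKey(key, policy[key.name]));
}

const SAMPLE_KEYS = [
  { name: "image-resizer", scopes: ["files.read", "files.write", "buckets.read"] },
  { name: "nightly-report", scopes: ["rows.read", "users.read", "users.write", "keys.write"] },
  { name: "key-rotation-job", scopes: ["keys.read", "keys.write"] },
];
const SAMPLE_POLICY = {
  "image-resizer": ["files.read", "files.write", "buckets.read"],
  "nightly-report": ["rows.read", "users.read"],
  "key-rotation-job": ["keys.read", "keys.write"],
};

for (const r of auditInventory(SAMPLE_KEYS, SAMPLE_POLICY)) {
  console.log(`${r.name}: ${r.severity}`, r.excess.length ? `excess=${r.excess}` : "");
}
```

A "review" result means the key legitimately needs keys.write, so the remaining control is where that key is stored and run.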
List API keys
Get an API key
Create an API key
Update an API key
Delete an API key
Scopes
When adding a new API key, you choose which scopes to grant. Scopes are grouped by service, matching the categories shown in the Appwrite Console.
Auth

| Name | Description |
| --- | --- |
| sessions.write | Access to create, update, and delete user sessions |
| users.read | Access to read your project's users |
| users.write | Access to create, update, and delete your project's users |
| teams.read | Access to read your project's teams |
| teams.write | Access to create, update, and delete your project's teams |

Databases

| Name | Description |
| --- | --- |
| databases.read | Access to read your project's databases |
| databases.write | Access to create, update, and delete your project's databases |
| tables.read | Access to read your project's database tables |
| tables.write | Access to create, update, and delete your project's database tables |
| columns.read | Access to read your project's database table columns |
| columns.write | Access to create, update, and delete your project's database table columns |
| indexes.read | Access to read your project's database table indexes |
| indexes.write | Access to create, update, and delete your project's database table indexes |
| rows.read | Access to read your project's database rows |
| rows.write | Access to create, update, and delete your project's database rows |

Functions

| Name | Description |
| --- | --- |
| functions.read | Access to read your project's functions and code deployments |
| functions.write | Access to create, update, and delete your project's functions and code deployments |
| execution.read | Access to read your project's execution logs |
| execution.write | Access to execute your project's functions |

Storage

| Name | Description |
| --- | --- |
| files.read | Access to read your project's storage files and preview images |
| files.write | Access to create, update, and delete your project's storage files |
| buckets.read | Access to read your project's storage buckets |
| buckets.write | Access to create, update, and delete your project's storage buckets |

Messaging

| Name | Description |
| --- | --- |
| providers.read | Access to read your project's providers |
| providers.write | Access to create, update, and delete your project's providers |
| messages.read | Access to read your project's messages |
| messages.write | Access to create, update, and delete your project's messages |
| topics.read | Access to read your project's topics |
| topics.write | Access to create, update, and delete your project's topics |
| subscribers.read | Access to read your project's subscribers |
| subscribers.write | Access to create, update, and delete your project's subscribers |
| targets.read | Access to read your project's targets |
| targets.write | Access to create, update, and delete your project's targets |

Sites

| Name | Description |
| --- | --- |
| sites.read | Access to read your project's sites and deployments |
| sites.write | Access to create, update, and delete your project's sites and deployments |
| log.read | Access to read your site's logs |
| log.write | Access to update and delete your site's logs |

Other

| Name | Description |
| --- | --- |
| locale.read | Access to your project's Locale service |
| avatars.read | Access to your project's Avatars service |
| health.read | Access to read your project's health status |
| migrations.read | Access to read your project's migrations |
| migrations.write | Access to create, update, and delete your project's migrations |
| tokens.read | Access to read your project's tokens |
| tokens.write | Access to create, update, and delete your project's tokens |
| webhooks.read | Access to read your project's webhooks |
| webhooks.write | Access to create, update, and delete your project's webhooks |
| keys.read | Access to read your project's API keys |
| keys.write | Access to create, update, and delete your project's API keys |
| rules.read | Access to read your project's proxy rules |
| rules.write | Access to create, update, and delete your project's proxy rules |
| vcs.read | Access to read your project's VCS repositories |
| vcs.write | Access to create, update, and delete your project's VCS repositories |
| assistant.read | Access to read the Assistant service |