> ## Documentation Index
> Fetch the complete documentation index at: https://developer.tra.cy/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys

API keys are long-lived credentials that do not require rotation. They are ideal for server-side integrations, scripts, and more, as they simplify API interaction and eliminate the need for complex refresh logic.

<Warning>
  Never use API keys in client-side code (for example, in a browser), as they **can be easily stolen**.
</Warning>

## Usage

To authenticate an HTTP request using an API key, include the `X-Api-Key` header.

<RequestExample>
  ```bash Example theme={null}
  curl --request GET \
    --url '/records' \
    --header 'X-Api-Key: <YOUR_API_KEY>'
  ```
</RequestExample>

## Restrictions

Each API key is governed by two main parameters that define its scope of access within the workspace.

<ParamField body="userType" default="user" type="string" required>
  The administrative authority level of the key.

  Possible values:

  * `user`—no administrative privileges (**recommended for most scenarios**).
  * `administrator`—management capabilities (including **full deletion**) for dashboards, datasets, roles, and users (except for those with full administrative access).
  * `owner`—management capabilities (including **full deletion**) for dashboards, datasets, roles, users (without restrictions), and the workspace itself.
</ParamField>

<ParamField body="role" default="null" type="integer">
  The data access level of the key. Defaults to **unrestricted**.

  Like any role, it determines which datasets are accessible (per state and property) and under what conditions.
</ParamField>

<Note>
  Since an API key is not linked to a specific user, any “assigned only” permissions for the specified role will not apply.
</Note>

<Warning>
  Never grant a higher level of data access than is strictly necessary. For example, if an API key is provided to website developers only for automatic lead creation via a web form, it should not allow retrieval of any existing data.
</Warning>

<Tip>
  You can issue multiple API keys for programmatic interaction with your workspace—each with its own set of restrictions.
</Tip>

## Getting a Key

To get an API key, please contact Tracy [support](https://tra.cy/en/#contacts).

<Note>
  API keys are available only for workspaces on the “Small” plan and above.
</Note>