> ## Documentation Index
> Fetch the complete documentation index at: https://docs.qbraid.com/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys

> Create, view, rotate, and revoke API keys for programmatic access to qBraid.

Every qBraid user gets unique API keys for programmatic access. Use them with [qBraid Runtime](/v2/sdk/user-guide/runtime), the [REST API](/v2/api-reference/user-guide), the [CLI](/v2/cli/api-reference/qbraid), or [Quantum Jobs](/v2/lab/user-guide/quantum-jobs) from Lab.

Open the API Keys page from the sidebar under **Account > API Keys**.

<Frame>
  <img src="https://storage.googleapis.com/qbraid-static-assets/qbraid-docs/account/account-api-key-base.png" alt="API Keys page" />
</Frame>

## Create an API key

<Steps>
  <Step title="Open API Keys">
    Click **Account > API Keys** in the sidebar.
  </Step>

  <Step title="Click Create API Key">The button is in the top-right.</Step>
  <Step title="Enter details">Name the key and pick any scopes if shown.</Step>
  <Step title="Confirm">Click create. The new key value is shown once.</Step>
</Steps>

<Danger>
  The key value is shown **only once**, right after creation. Copy it
  immediately and store it somewhere secure. If you lose it, you'll have to
  revoke and create a new one.
</Danger>

<Frame>
  <img src="https://storage.googleapis.com/qbraid-static-assets/qbraid-docs/account/account-api-key-new.png" alt="Creating an API key" />
</Frame>

## View key details

<Steps>
  <Step title="Open API Keys">
    Click **Account > API Keys** in the sidebar.
  </Step>

  <Step title="Click the key in the list">The row expands inline.</Step>
</Steps>

You'll see:

* Creation date.
* Last used date.
* Status (`active` or `inactive`).
* Permissions and usage stats.

<Frame>
  <img src="https://storage.googleapis.com/qbraid-static-assets/qbraid-docs/account/account-api-key-details.png" alt="API key details" />
</Frame>

## Rotate a key

Rotation generates a new key value with the same name and permissions, and immediately invalidates the old one.

<Steps>
  <Step title="Open API Keys">
    Click **Account > API Keys** in the sidebar.
  </Step>

  <Step title="Find the key">Locate it in the list.</Step>

  <Step title="Click Refresh">
    The refresh icon sits next to the Copy icon on each row.
  </Step>

  <Step title="Confirm regeneration">
    Click **Regenerate Key** in the dialog. The new value is shown once.
  </Step>
</Steps>

<Danger>
  Once you regenerate, the old key stops working straight away. Update every
  service using it **before** rotating, or production will break.
</Danger>

## Revoke a key

<Steps>
  <Step title="Open API Keys">
    Click **Account > API Keys** in the sidebar.
  </Step>

  <Step title="Find the key">Locate it in the list.</Step>
  <Step title="Click Delete">The trash icon on the row.</Step>
  <Step title="Confirm">Confirm in the dialog.</Step>
</Steps>

The key is permanently removed.

<Frame>
  <img src="https://storage.googleapis.com/qbraid-static-assets/qbraid-docs/account/account-api-key-revoke.png" alt="Revoking an API key" />
</Frame>

<Danger>
  Revoked keys cannot be recovered. Make sure nothing in production is still
  using the key before you revoke.
</Danger>

## Security best practices

API keys grant access to your credits and resources. Treat them like passwords.

<AccordionGroup>
  <Accordion title="Rotate regularly" icon="rotate">
    Every 90 days is a reasonable baseline. Rotate sooner if you suspect a leak.
  </Accordion>

  <Accordion title="Don't commit keys to source control" icon="ban">
    Use environment variables or a secrets manager (1Password, Vault, AWS
    Secrets Manager, etc.).
  </Accordion>

  <Accordion title="Don't share keys in chat or screenshots" icon="eye-slash">
    Send via a password manager or vault link. Screenshots leak through bug
    reports and tickets.
  </Accordion>

  <Accordion title="Monitor usage" icon="chart-line">
    Review the **Last used** column periodically. If a key is being used when it
    shouldn't be, revoke it.
  </Accordion>
</AccordionGroup>

If you discover a vulnerability, report it via our [security advisory form](https://github.com/qBraid/community/security/advisories). For the full security policy, see [qBraid Security Policy](https://github.com/qBraid/community/security/policy).