> ## Documentation Index
> Fetch the complete documentation index at: https://docs.metabind.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys Overview

> Project-scoped keys for client application access

API Keys provide read-only access to published Metabind resources in production. While the Metabind web application uses JWT authentication for full administrative access, API Keys enable client applications (iOS, Android, React, web) to securely access published content without requiring user authentication.

## Key Principles

### Project Scoping

Each API key is scoped to a specific project and cannot access resources across projects. This provides a simplified permission model for client applications.

### Read-Only Access

API keys provide read-only access to published content only:

* Draft content requires JWT authentication with appropriate user roles
* Keys can be revoked at any time
* Designed specifically for production content delivery

### Client Integration

API keys are designed for client-side applications:

* Easily integrates with mobile and web applications
* Used as header parameter (`x-api-key`) in API requests
* No token refresh or expiration management required

### Security

* Cannot create or modify resources
* Access limited to deployed/published content
* No access to administrative functions
* Activity is logged and monitored

## The API Key Object

<ParamField body="id" type="string">
  Unique identifier (UUID)
</ParamField>

<ParamField body="projectId" type="string">
  ID of the project this key belongs to
</ParamField>

<ParamField body="name" type="string">
  Descriptive name for the key (e.g., "iOS App Production")
</ParamField>

<ParamField body="key" type="string">
  The actual API key value (only shown at creation time)
</ParamField>

<ParamField body="status" type="string">
  Status: `active` or `revoked`
</ParamField>

<ParamField body="lastUsed" type="string">
  Last time the key was used (ISO 8601 format)
</ParamField>

<ParamField body="createdBy" type="string">
  ID of the user who created the key
</ParamField>

<ParamField body="createdAt" type="string">
  Creation timestamp (ISO 8601 format)
</ParamField>

<ParamField body="updatedAt" type="string">
  Last update timestamp (ISO 8601 format)
</ParamField>

### Example Object

```json theme={null}
{
  "id": "afd8012b-d81e-41c6-92cd-eed0c6cb3676",
  "projectId": "70093272-90ef-43df-807b-b66dd0a0b322",
  "name": "iOS Production App",
  "key": "7zvFJw9L0qEoYdKx2mBt1sLpZj3nX7gW",
  "status": "active",
  "createdAt": "2024-03-20T10:00:00Z",
  "updatedAt": "2024-03-20T10:00:00Z",
  "lastUsed": "2024-03-21T15:30:00Z",
  "createdBy": "user456"
}
```

<Warning>
  The API key value is only returned once during creation. Store it securely as it cannot be retrieved later.
</Warning>

## Client API Endpoints

For the complete list of endpoints accessible via API keys, see the [Client API Endpoints](/rest/authentication#client-api-endpoints) section in the Authentication documentation.

## Using API Keys

Include the API key in the `x-api-key` header:

```bash theme={null}
curl -X GET "https://api.metabind.ai/api/v1/organizations/org123/projects/proj123/content" \
  -H "x-api-key: 7zvFJw9L0qEoYdKx2mBt1sLpZj3nX7gW"
```

For detailed integration examples including iOS, Android, and React implementations, see [Using API Keys](/rest/api-keys/usage).
