> ## Documentation Index
> Fetch the complete documentation index at: https://docs.yorlet.com/llms.txt
> Use this file to discover all available pages before exploring further.

# API keys

> Learn how to create and manage API keys for your Yorlet account.

export const OverflowMenu = () => {
  return <span>overflow menu (•••)</span>;
};

API keys are used to authenticate your requests to the Yorlet API. To create an API key, you need to have a Yorlet account.

## Secret and publishable keys

Yorlet uses three types of API keys:

* **Secret key**: This key is used to authenticate your requests to the Yorlet API. Keep this key secure and never expose it in public.
* **Publishable key**: This key is used to authenticate your requests to the Yorlet API. You can expose this key in public.
* **Restricted key**: This key is used to authenticate your requests to the Yorlet API. You can limit the access to specific resources or actions.

<Warning>
  Secret keys have full access to your account and can perform any action on
  your behalf. Keep them secure and never expose them in public. If you suspect
  that a secret key has been compromised, roll the key immediately.
</Warning>

## Roll an API key

To roll an API key:

1. Go to the [API keys](https://dashboard.yorlet.com/developers) page.
2. In the row for the key you want to roll, click the <OverflowMenu />, then select Roll key….
3. Confirm that you want to roll the key.
4. The window displays the new key value. Copy it by clicking it.
5. Save the key value. You can’t retrieve it later.

## Delete an API key

<Info>
  You cannot delete a publishable key. You can only delete a secret key.
</Info>

To delete an API key:

1. Go to the [API keys](https://dashboard.yorlet.com/developers) page.
2. In the row for the key you want to delete, click the <OverflowMenu />, then select **Delete key**.
3. Confirm that you want to delete the key.

<Warning>
  Deleting an API key is irreversible. If you delete an API key, you can’t
  retrieve it later.
</Warning>

## Create a secret API key

To create a secret API key:

1. Go to the [API keys](https://dashboard.yorlet.com/developers) page.
2. Click the **Create secret key** button.
3. Enter a name for the API key and a note (optional).
4. Click **Create**.
5. The window displays the new key value. Copy it by clicking it.
6. Save the key value. You can’t retrieve it later.

## Restricted keys

Restricted keys allow you to limit access to specific resources or actions. This is useful when you want to grant third-party services or team members access to your Yorlet account without giving them full control.

When creating a restricted key, you can configure permissions for each resource type:

* **None**: No access to the resource
* **Read**: Can view the resource but cannot make changes
* **Write**: Can view and modify the resource

### Create a restricted key

To create a restricted key:

1. Go to the [API keys](https://dashboard.yorlet.com/developers) page.
2. Click the **Create restricted key** button.
3. Enter a name for the API key and a note (optional).
4. Configure the permissions for each resource type.
5. Click **Create**.
6. The window displays the new key value. Copy it by clicking it.
7. Save the key value. You can't retrieve it later.

## Use an API key

Include the API key in the `Authorization` header of your requests to the Yorlet API.

```http theme={"theme":"dracula"}
Authorization: Bearer {{API_KEY}}
```

Learn more about [API Authentication](https://api-docs.yorlet.com/#authentication).

#### Example use cases

The following code sample shows a request to list all the applications for your account.

```http theme={"theme":"dracula"}
curl https://api.yorlet.com/v1/applications \
  -H "Authorization: Bearer {{SECRET_KEY}}"
```
