Create API Key
1
Navigate to API Keys
Organization Settings → API Keys
2
Create New Key
Click Create API Key
3
Configure Key
Set key properties:
- Name: Descriptive name (e.g., “CI/CD Pipeline”)
- Scopes: Permissions (read:scans, write:scans, etc.)
- Expiration: Optional expiration date
4
Generate
Click Generate Key
5
Copy Key
Copy API key immediately
API Key Scopes
API keys use a scope-based permission system with the format{resource}:{action}:
Organization:
organization:read- View organization detailsorganization:write- Modify organization settingsorganization:manage- Full organization management
repository:read- View repositoriesrepository:write- Modify repository settingsrepository:manage- Full repository management
scan:read- View scan resultsscan:write- Trigger and manage scansscan:manage- Full scan management
violation:read- View violationsviolation:write- Update violation statusviolation:manage- Full violation management
user:read- View user informationuser:write- Modify user settingsuser:manage- Full user management
integration:read- View integrationsintegration:write- Manage integrations
api-key:read- View API keysapi-key:write- Create/revoke API keys
webhook:read- View webhook configurationswebhook:write- Manage webhooks
Using API Keys
Include API key in X-API-Key header:Rotate API Keys
Regularly rotate API keys for security:- Create new API key
- Update services to use new key
- Test new key
- Delete old key