The apikeys client methods are currently in ALPHA. The API may change without notice. A one-time warning is emitted on first use.
API keys authenticate calls to the Arize platform. Service keys are tied to a bot user with role assignments at the account, organization, and space level; user keys are tied to a specific human user. Create issues user keys; CreateServiceKey issues service keys.

List API Keys

List returns a paginated list of API keys. Defaults to a page size of 50. Signature:
func (c *Client) List(ctx context.Context, req ListRequest) (*APIKeyList, error)
Usage Example:
package main

import (
    "context"
    "errors"
    "fmt"
    "log"

    "github.com/Arize-ai/client-go-v2/arize"
    "github.com/Arize-ai/client-go-v2/arize/apikeys"
)

// main lists the active service API keys of one space and prints their
// metadata.
func main() {
    // "your-api-key" is a placeholder. Load the real key from the environment
    // or a secret manager at runtime instead of committing it to source.
    cfg := arize.Config{APIKey: "your-api-key"}
    client, err := arize.NewClient(cfg)
    if err != nil {
        log.Fatal(err)
    }

    // Restrict the listing to active service keys in a single space. List is
    // paginated and this example issues one request only, so the result is a
    // single page and should not be read as a complete key inventory.
    filter := apikeys.ListRequest{
        KeyType: apikeys.APIKeyTypeService,
        Status:  apikeys.APIKeyStatusActive,
        Space:   "your-space-name-or-id",
        Limit:   25,
    }
    resp, err := client.APIKeys.List(context.Background(), filter)
    if err != nil {
        // Report a rejected credential separately from other failures.
        var unauthorized *arize.UnauthorizedError
        switch {
        case errors.As(err, &unauthorized):
            log.Fatalf("unauthorized: %v", unauthorized)
        default:
            log.Fatal(err)
        }
    }

    // Only the fields Id, Name, KeyType and Status are printed.
    for _, k := range resp.ApiKeys {
        fmt.Printf("%s: %s (type=%s status=%s)\n", k.Id, k.Name, k.KeyType, k.Status)
    }
}

Create a User API Key

Create issues a POST to create a new user API key and returns the created key, including the secret token. The secret is only returned at creation time. Signature:
func (c *Client) Create(
    ctx context.Context,
    req CreateRequest,
) (*APIKeyCreated, error)
Usage Example:
package main

import (
    "context"
    "errors"
    "fmt"
    "log"
    "time"

    "github.com/Arize-ai/client-go-v2/arize"
    "github.com/Arize-ai/client-go-v2/arize/apikeys"
)

// main creates a user API key that expires after 30 days and prints the
// returned ID and secret.
func main() {
    // "your-api-key" is a placeholder. Load the real key from the environment
    // or a secret manager at runtime instead of committing it to source.
    cfg := arize.Config{APIKey: "your-api-key"}
    client, err := arize.NewClient(cfg)
    if err != nil {
        log.Fatal(err)
    }

    // ExpiresAt bounds the lifetime of the new key to 30 days from now.
    req := apikeys.CreateRequest{
        Name:        "personal-key",
        Description: "key for local development",
        ExpiresAt:   time.Now().Add(30 * 24 * time.Hour),
    }
    created, err := client.APIKeys.Create(context.Background(), req)
    if err != nil {
        // Report a rejected request separately from other failures.
        var badRequest *arize.BadRequestError
        switch {
        case errors.As(err, &badRequest):
            log.Fatalf("invalid request: %v", badRequest)
        default:
            log.Fatal(err)
        }
    }

    // created.Key is the secret and is returned only by this call. Printing it
    // is for demonstration; in real use write it straight to a secret store
    // and keep it out of stdout, logs and CI output.
    fmt.Printf("created key %s - secret: %s\n", created.Id, created.Key)
}

Create a Service API Key

CreateServiceKey creates a new service API key bound to a space. Space accepts a space name or ID. The role fields are optional — when empty, the server applies its default role at each scope. Signature:
func (c *Client) CreateServiceKey(
    ctx context.Context,
    req CreateServiceKeyRequest,
) (*APIKeyCreated, error)
Usage Example:
package main

import (
    "context"
    "errors"
    "fmt"
    "log"

    "github.com/Arize-ai/client-go-v2/arize"
    "github.com/Arize-ai/client-go-v2/arize/apikeys"
)

// main creates a service API key bound to one space, with explicit
// organization and space roles, and prints the returned ID and secret.
func main() {
    // "your-api-key" is a placeholder. Load the real key from the environment
    // or a secret manager at runtime instead of committing it to source.
    cfg := arize.Config{APIKey: "your-api-key"}
    client, err := arize.NewClient(cfg)
    if err != nil {
        log.Fatal(err)
    }

    // OrgRole and SpaceRole are set explicitly so the privilege granted to the
    // bot user is visible in code; left empty, the server picks its default
    // role at each scope. Grant the lowest role the automation needs.
    req := apikeys.CreateServiceKeyRequest{
        Name:      "ci-bot",
        Space:     "your-space-name-or-id",
        OrgRole:   apikeys.APIKeyOrganizationRoleMember,
        SpaceRole: apikeys.APIKeySpaceRoleMember,
    }
    created, err := client.APIKeys.CreateServiceKey(context.Background(), req)
    if err != nil {
        // Report a rejected request separately from other failures.
        var badRequest *arize.BadRequestError
        switch {
        case errors.As(err, &badRequest):
            log.Fatalf("invalid request: %v", badRequest)
        default:
            log.Fatal(err)
        }
    }

    // created.Key is the secret of the new service key. Printing it is for
    // demonstration; in real use write it straight to a secret store and keep
    // it out of stdout, logs and CI output.
    fmt.Printf("created service key %s - secret: %s\n", created.Id, created.Key)
}

Refresh an API Key

Refresh rotates the secret on an existing API key and returns the new key value. ExpiresAt is optional; when zero, the refreshed key has no expiration. Signature:
func (c *Client) Refresh(
    ctx context.Context,
    req RefreshRequest,
) (*APIKeyCreated, error)
Usage Example:
package main

import (
    "context"
    "errors"
    "fmt"
    "log"

    "github.com/Arize-ai/client-go-v2/arize"
    "github.com/Arize-ai/client-go-v2/arize/apikeys"
)

// main rotates the secret of an existing API key and prints the key ID and
// the new secret.
func main() {
    // "your-api-key" is a placeholder. Load the real key from the environment
    // or a secret manager at runtime instead of committing it to source.
    cfg := arize.Config{APIKey: "your-api-key"}
    client, err := arize.NewClient(cfg)
    if err != nil {
        log.Fatal(err)
    }

    // ExpiresAt is left at its zero value here, which means the refreshed key
    // has no expiration. Set RefreshRequest.ExpiresAt when the rotation policy
    // requires a bounded lifetime.
    req := apikeys.RefreshRequest{APIKeyID: "your-api-key-id"}
    rotated, err := client.APIKeys.Refresh(context.Background(), req)
    if err != nil {
        // Report an unknown key ID separately from other failures.
        var notFound *arize.NotFoundError
        switch {
        case errors.As(err, &notFound):
            log.Fatalf("api key not found: %v", notFound)
        default:
            log.Fatal(err)
        }
    }

    // rotated.Key is the new secret. Printing it is for demonstration; in real
    // use write it straight to a secret store and keep it out of stdout, logs
    // and CI output.
    fmt.Printf("rotated key %s - new secret: %s\n", rotated.Id, rotated.Key)
}

Delete an API Key

Delete removes an API key by ID. It returns only an error. Signature:
func (c *Client) Delete(ctx context.Context, req DeleteRequest) error
Usage Example:
package main

import (
    "context"
    "errors"
    "log"

    "github.com/Arize-ai/client-go-v2/arize"
    "github.com/Arize-ai/client-go-v2/arize/apikeys"
)

// main deletes an API key by ID and treats an already-missing key as a
// non-fatal outcome.
func main() {
    // "your-api-key" is a placeholder. Load the real key from the environment
    // or a secret manager at runtime instead of committing it to source.
    cfg := arize.Config{APIKey: "your-api-key"}
    client, err := arize.NewClient(cfg)
    if err != nil {
        log.Fatal(err)
    }

    req := apikeys.DeleteRequest{APIKeyID: "your-api-key-id"}
    err = client.APIKeys.Delete(context.Background(), req)
    if err == nil {
        return
    }

    // A missing key is logged and the program exits normally; any other error
    // is fatal, so a failed revocation is not mistaken for success.
    var notFound *arize.NotFoundError
    if errors.As(err, &notFound) {
        log.Printf("no api key to remove: %v", notFound)
        return
    }
    log.Fatal(err)
}