Skip to main content
The api_keys client methods are currently in ALPHA. The API may change without notice. A one-time warning is emitted on first use.
Manage Arize API keys programmatically. Create, list, delete, and regenerate user or service keys.

Key Capabilities

  • List API keys with optional filtering by type or status
  • Create user keys (account-scoped) or service keys (space-scoped)
  • Delete keys immediately and permanently
  • Refresh (rotate) a key while preserving its name and scope

List API Keys

List API keys for the authenticated user. Optionally filter by key_type ("user" or "service") and status ("active" or "deleted"). When status is omitted, only active keys are returned. 
resp = client.api_keys.list(
    key_type="service",  # optional: "user" or "service"
    status="active",     # optional: "active" or "deleted"
    limit=50,
)

for key in resp.api_keys:
    print(key.id, key.name, key.key_type)
For details on pagination, field introspection, and data conversion (to dict/JSON/DataFrame), see Response Objects.

Create an API Key

Two key types are supported via separate methods:
  • User key (create) — authenticates as the creating user with their full permissions.
  • Service key (create_service_key) — scoped to a specific space, backed by a bot user with configurable roles.
The raw key value is returned only once in the key field of the response. Store it securely — it cannot be retrieved again.

User Key

result = client.api_keys.create(
    name="my-user-key",
    description="Used for CI pipeline",  # optional
)

print(result.key)   # store this securely — shown only once
print(result.id)

Service Key

When no roles are specified, the server applies defaults (space_role="member", org_role="read-only", account_role="member"). All role assignments must be at or below the caller’s own privilege level. 
from datetime import datetime, timezone

result = client.api_keys.create_service_key(
    name="my-service-key",
    space="your-space-name-or-id",
    expires_at=datetime(2027, 1, 1, tzinfo=timezone.utc),  # optional
    space_role="member",        # optional: "admin", "member", or "read-only"
    org_role="read-only",       # optional: "admin", "member", or "read-only"
    account_role="member",      # optional: "admin" or "member"
)

print(result.key)   # store this securely — shown only once
print(result.id)

Delete an API Key

Delete a key by ID. The key is deactivated immediately and permanently. 
client.api_keys.delete(api_key_id="your-api-key-id")

print("API key deleted")

Refresh an API Key

Revoke an existing key and issue a replacement with the same name, description, type, and scope. A new raw key value is returned. Use grace_period_seconds to keep the old key valid briefly while your services rotate to the new key.
The new raw key value is returned only once in the key field of the response. Store it securely.
from datetime import datetime, timezone

result = client.api_keys.refresh(
    api_key_id="your-api-key-id",
    expires_at=datetime(2027, 1, 1, tzinfo=timezone.utc),  # optional
    grace_period_seconds=300,                               # optional: keep old key valid for 5 minutes
)

print(result.key)   # store this securely — shown only once