Skip to main content
Already have API keys in production? Migrate them to Unkey without requiring your users to generate new keys.

How migration works

1

Export your existing keys

Extract key hashes from your current system (database, auth provider, etc.)
2

Get a migration ID

Contact us to set up your migration and receive a migrationId
3

Import to Unkey

Use the migration API to import your key hashes with their configuration
4

Update your verification

Point your API verification to Unkey — existing keys work immediately

Why key hashes?

Unkey never stores plaintext keys. During migration, you provide the hash of each key, not the key itself. Your users continue using their existing keys. When they call your API:
  1. You extract the key from the request
  2. Unkey hashes it and matches against stored hashes
  3. Verification succeeds if there’s a match
Result: Zero changes required from your users.

What can be migrated?

SettingMigrated?
Key hash
Custom metadata
Roles & permissions
Rate limits
Credits/remaining
Expiration
Identity/owner

Migration paths

Self-managed database

Export hashes from PostgreSQL, MySQL, MongoDB, etc.

Auth providers

Migrate from Auth0, Clerk, Firebase, or custom auth.

Other API management

Moving from Kong, Tyk, or homegrown solutions.

Custom systems

We’ll help you figure out the best approach.

Get started

1

Contact us

Email [email protected] with:
  • Your workspace ID
  • Current key storage system
  • Approximate number of keys
  • Hash algorithm used (SHA-256, bcrypt, etc.)
2

Plan your migration

We’ll help you design a migration strategy that minimizes risk.
3

Execute

Follow our step-by-step guide to migrate your keys.
Every system is different. We’re here to help — reach out at [email protected] and we’ll guide you through your specific migration.

Next steps

Migration guide

Step-by-step instructions for migrating keys

API reference

Full v2 API documentation
Last modified on February 6, 2026