To interact with the Unkey API to manage resources such as APIs or keys, you need a root key. Root keys are scoped per workspace and you can fine tune their access permissions when creating a key or update later on the fly.
It’s a good practice to provide as few permissions as possible, to minimize the potential impact of a leaked key.
1

Start

Go to https://app.unkey.com/settings/root-keys/new
2

Name and Permissions

  1. Optionally enter a name. This is internal only and not customer facing.
  2. Add your workspace-wide permissions. These permissions affect and override the per-api permissions below.
  3. For each API in your workspace, you can enable fine grained permissions.
  4. Click Create New Key at the bottom
3

Copy your key

Be sure to copy the key before closing the window. There is no way to recover it later

What should I do if a root key is leaked?

If you leak a root key - for instance, by accidentally checking it in to version control - you should immediately revoke the root key and replace it with a new, secure key. Root keys are secrets, and should never be exposed publicly.