Workspace API keys authenticate public /gw/… routes: mint keys in the console, rotate them safely, import the CLI key into the VS Code extension, and pair with Bearer/JWT flows for management APIs separately.
API keys gate access to gateway routes that are configured for API key authentication. Create and manage them from the API Keys panel in the sidebar.
Usage
curl
curl -H "X-Api-Key: your-key" \ https://your-host/api/gw/your-tenant/your-path
Keys can be rotated or deactivated at any time. One key can be designated as the CLI key for use with the VS Code extension.
The management REST API under /api/… (invoke, deploy, code upload, etc.) uses your login session or Authorization: Bearer with a JWT — not the gateway API key. Send X-Api-Key only to public /gw/… routes that expect it.