API Keys
Better-Auth
Why API keys?
API keys let you call your backend from trusted services (CRON jobs, background workers, other servers) without a browser session or cookie. They are ideal for:
- Authenticating machine-to-machine requests.
- Rotating secrets without affecting end-user sessions.
- Granting and revoking access per key instead of per user.
Activate API keys
Enable the feature in your auth constants:
src/convex/auth.constants.ts
When apiKeys: true is set, the API Keys section appears in the user profile (below accounts).
Managing keys in the UI
In the User Profile → API Keys section, users can:
- Create keys by giving them a name and choosing an expiration (7/30/60/90 days, custom date, or no expiration).
- Copy the secret once right after creation. For security, the secret value is not shown again.
- Update keys later to rename them or change the expiration.
- Delete keys at any time. Deleted keys stop working immediately.
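The lifecycle rules above (secret shown once, optional expiration, immediate revocation on delete) can be pictured with a small in-memory model. This is an added illustration, not code from this project or from Better-Auth; `ApiKeyStore`, its methods and the `id.secret` key format are hypothetical, and it assumes the server persists only a hash of each secret.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// Hypothetical record shape: only a hash of the secret is persisted,
// which is why the plaintext can be shown once and never again.
type KeyRecord = { name: string; hash: Uint8Array; expiresAt: number | null };

const DAY_MS = 24 * 60 * 60 * 1000;
const sha256 = (s: string): Uint8Array => createHash("sha256").update(s).digest();
const expiry = (days: number | null, now: number): number | null =>
  days === null ? null : now + days * DAY_MS;

class ApiKeyStore {
  private keys = new Map<string, KeyRecord>();

  // Returns the plaintext secret exactly once; the store keeps only its hash.
  create(name: string, days: number | null, now: number = Date.now()): { id: string; secret: string } {
    const id = randomBytes(8).toString("hex");
    const secret = `${id}.${randomBytes(32).toString("hex")}`;
    this.keys.set(id, { name, hash: sha256(secret), expiresAt: expiry(days, now) });
    return { id, secret };
  }

  // Rename and/or change the expiration without touching the secret.
  update(id: string, patch: { name?: string; days?: number | null }, now: number = Date.now()): boolean {
    const rec = this.keys.get(id);
    if (!rec) return false;
    if (patch.name !== undefined) rec.name = patch.name;
    if (patch.days !== undefined) rec.expiresAt = expiry(patch.days, now);
    return true;
  }

  // Deleting removes the record, so the very next verify() fails.
  delete(id: string): boolean {
    return this.keys.delete(id);
  }

  // Every request is checked for existence, expiry, then a constant-time hash match.
  verify(presented: string, now: number = Date.now()): boolean {
    const rec = this.keys.get(presented.split(".", 1)[0] ?? "");
    if (!rec) return false;
    if (rec.expiresAt !== null && now >= rec.expiresAt) return false;
    return timingSafeEqual(sha256(presented), rec.hash);
  }
}
```

Because expiry and existence are evaluated on every call, neither expiration nor deletion needs a separate revocation step to take effect.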