API keys

developers in the top nav — two sections: api keys (this page) and SSH keys (see SSH keys guide). Browser sessions and 2FA live under your account menu → security, not here.

What API keys are for

Authenticate the metalhost CLI, Go SDK, or direct HTTP calls to https://api.metalhost.net. Keys are long-lived credentials — rotate or revoke if leaked.

Keys table

Columns: name, prefix (mh_live_…), scope, created, actions.

Scope pills:

• project-scoped — only the current project (default).
• full access — all projects your account can reach.

The list shows this project's scoped keys plus any account-wide keys. Other projects' scoped keys are hidden.

Create a key

new api key:

• Label (optional)
• scope to this project — checked by default; uncheck for org-wide key

On create, the full secret is shown once. Copy it immediately — only the prefix appears in the list afterward. Click i've saved it to dismiss.

Rotate and revoke

• rotate — confirm; old prefix stops working; new secret shown once in a key rotated modal.
• revoke (trash) — immediate and irreversible.

Using a key

Export as METALHOST_API_KEY or pass to the CLI/SDK. For HTTP examples and command reference, see Developer docs.

What's next

• SSH keys — VM login, not API auth.
• CLI quickstart
• API reference