Best practices for API keys
Securely access your Baseten models
API keys are used to:
- Deploy models to your Baseten account from the Truss CLI.
- Call models via the inference API or `truss predict` in the CLI.
- Make requests to other model endpoints such as `/wake`.
- Manage models via the management API.
- Export metrics to your observability stack via the `/metrics` endpoint.
You can create and revoke API keys from your Baseten account.
API key scope: account vs workspace
There are two types of API keys on Baseten:
- Personal keys are tied to your Baseten account and have the full permissions associated with your account in the workspace. They can be used to deploy, call, and manage models, and can also be used to export model metrics. Every action taken with a personal API key is associated with the matching user account.
- Workspace keys are shared across your entire Baseten workspace. When you create a workspace API key, you can grant it full access to the workspace or limit it to only being able to perform actions on selected models.
Use personal (account-level) API keys for deploying and testing models, and use workspace-level API keys for automated actions and production environments.
Using API keys with Truss
To use an API key for authentication with commands like `truss push` and `truss predict`, set it in your `~/.trussrc` file:
If you rotate your API key, just open the file in a text editor and paste the new API key to update.
Using API keys with endpoints
To use an API key for requests to model endpoints, pass it as a header in the HTTP request:
The header is a key-value pair:
Tips for managing API keys
Best practices for API key use apply to your Baseten API keys:
- Always store API keys securely.
- Never commit API keys to your codebase.
- Never share or leak API keys in notebooks or screenshots.
The API key list on your Baseten account shows when each key was first created and last used. Rotate API keys regularly and remove any unused API keys to reduce the risk of accidental leaks.
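
One way to check the "store securely" and "never commit" tips automatically, as an added example that is not Baseten's own tooling: it reads the key values from a Truss config file, flags the file if group or other users can access it, and searches a project tree (notebooks included) for those exact values, reporting locations without printing the key. The INI layout with an `api_key` option is an assumption about `~/.trussrc`, the `BASETEN_API_KEY` variable name is hypothetical, and the key and files in `demo()` are constructed.

```python
import configparser
import stat
import tempfile
from pathlib import Path

def load_keys(trussrc: Path) -> dict:
    """Return {section: api_key}; assumes an INI file with an api_key option."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(trussrc)
    return {s: cfg[s]["api_key"] for s in cfg.sections() if cfg[s].get("api_key")}

def too_permissive(path: Path) -> bool:
    """True if group or other users have any access to the file."""
    return bool(path.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO))

def find_leaks(root: Path, keys: dict) -> list:
    """Find exact key values under root; report (file, line, section), never the key."""
    hits = []
    for p in sorted(root.rglob("*")):
        rel = p.relative_to(root)
        if not p.is_file() or ".git" in rel.parts:
            continue
        try:
            lines = p.read_text(errors="ignore").splitlines()
        except OSError:
            continue
        for n, line in enumerate(lines, 1):
            hits += [(str(rel), n, s) for s, k in keys.items() if k in line]
    return hits

def demo(mode: int = 0o644):
    """Run both checks on constructed files holding a fake key."""
    fake = "CONSTRUCTED-not-a-real-key-0000"
    with tempfile.TemporaryDirectory() as d:
        rc = Path(d) / "trussrc"
        rc.write_text(f"[baseten]\napi_key = {fake}\n")
        rc.chmod(mode)
        repo = Path(d) / "repo"
        repo.mkdir()
        # Clean file: key comes from the environment (hypothetical variable name).
        (repo / "call_model.py").write_text('import os\nkey = os.environ["BASETEN_API_KEY"]\n')
        # Leaky file: key pasted into a notebook cell.
        (repo / "debug.ipynb").write_text('{"cells": [\n{"source": "api_key = \'%s\'"}\n]}' % fake)
        return too_permissive(rc), find_leaks(repo, load_keys(rc))

if __name__ == "__main__":
    print(demo())
```

A hit means the key should be treated as exposed: revoke it from your Baseten account and create a new one rather than only deleting the line.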