- Deploy models, Chains, and training projects with the Truss CLI.
- Call model endpoints for inference.
- Use the management API.
API key types
Baseten supports two types of API keys: Personal API keys are tied to your user account. Actions performed with a personal key are attributed to you. Use personal keys for local development and testing. Team API keys are not tied to an individual user. When your organization has multi-team support enabled, team keys can be scoped to a specific team. Team keys can have different permission levels:- Full access - Deploy models, call endpoints, and manage resources.
- Inference only - Call model endpoints but cannot deploy or manage.
- Metrics only - Export metrics but cannot deploy or call models.
Create an API key
To create an API key:- Navigate to API keys in your account settings.
- Select Create API key.
- Choose Personal or Team key type.
- Enter a name for the key (lowercase letters, numbers, and hyphens only).
- For team keys, select the permission level.
- Select Next.
Use API keys with the CLI
The first time you runtruss push, the CLI prompts you for your API key and saves it to ~/.trussrc:
~/.trussrc:
Use API keys with endpoints
To call model endpoints with your API key, see Call your model.Manage API keys
The API keys page shows all your keys with their creation date and last used timestamp. Use this information to identify unused keys. To rename a key, select the pencil icon next to the key name. To rotate a key, create a new key, update your applications to use it, then revoke the old key. To revoke a key, select the trash icon next to the key. Revoked keys cannot be restored. You can also manage API keys programmatically with the REST API.Security recommendations
- Store API keys in environment variables or secret managers, not in code.
- Never commit API keys to version control.
- Use team keys with minimal permissions for production applications.
- Rotate keys periodically and revoke unused keys.