Links

API keys

Generate and manage API keys.
API keys are used for several actions in your Baseten workspace:
  • Deploying and managing models through the Baseten Python client
  • Invoking deployed models via HTTP requests
  • Invoking worklets via HTTP requests
In this doc, we'll cover the entire lifecycle of securely creating and using API keys.

Creating API keys

To create an API key, visit the "API keys" tab in your account settings. Click "Create new key" and a key will be generated for you. Make sure to copy the string displayed, you won't be able to access it again.
The Secret String
After your key is generated, it'll be shown on the "API keys" tab with a randomly generated two-word name.
Your New API Key
You can revoke keys to remove access from your account at any time.

Using API keys

You can keep your Baseten account secure by guarding your API keys like passwords or other sensitive secrets.
The best way to keep your API key secure is to store it as an environment variable. You can set environment variables locally by adding the following to ~/.zshrc or whatever config file your system uses.
export MY_BASETEN_API_KEY="paste value from Baseten between quotes"
Then, in your Python code, add:
import baseten
import os
​
baseten.login(os.environ["MY_BASETEN_API_KEY"])
# Use the Baseten client from here to deploy, manage, or invoke ML models!
Here are some more tips for using API keys securely:
  1. 1.
    Never give your API key to anyone (they can create their own API key in their Baseten account on your workspace).
  2. 2.
    Never use your API key directly in the front-end of a web application where users could see it by inspecting the code in the browser.
  3. 3.
    Never store your API key in a file that is pushed to GitHub or another version-controlled repository
  4. 4.
    Never publish your API key with an iPython notebook.

Managing API keys

Make sure to keep your keys out of source code and version control. If you ever suspect a key has been leaked, promptly revoke it from your account and generate a new one. For more, see Google's recommended practices for securely using API keys.