API Keys and Authentication

API keys are the entry point for programmatic access to a workspace.

What API Keys Are Scoped To

Keys are workspace-scoped, not user-scoped. That means a key inherits the workspace boundary for agents, files, and responses.

Create A Key

1. Open API Keys in the workspace.
2. Choose Create API Key.
3. Add an optional label so your team knows where the key is used.
4. Choose live or test mode.
5. Select the required scopes.
6. Create the key and copy it immediately.

The plaintext key is shown only once. After that, Salambo stores only the hashed form.

Available Scopes

The UI currently exposes at least these scopes:

• responses:write
• models:read

Use responses:write if the integration will create or retrieve responses and files. Use models:read if it needs to list available agents as models.

Send The Key

Use the key as a bearer token:

Authorization: Bearer YOUR_API_KEY

Revoke Carefully

Revoking a key takes effect immediately. Any backend, script, or automation using that key will lose access at once.

Good practice:

• create separate keys for separate systems
• label them clearly
• rotate keys instead of sharing one key across every environment

Live Vs Test

Use test keys for lower-risk validation and live keys for production integrations. The UI makes the mode visible so your team can quickly tell them apart.