Project API Key
Backend onlyDefault key for simple setup across selected AuthToolkit products.
Default use Start here for server-side setup and basic project integration.SelectedRequires backend-only confirmation.identity.authtoolkit.com
Create Key Flow Preview
Static future-flow route for key kind selection, product scopes, Commerce entitlement awareness, expiration, safety confirmations, one-time reveal, and generated preview behavior.
Project Settings / API Keys
Create Key Flow Preview
Static plan for choosing a key kind, selecting scopes, reviewing Commerce entitlements, confirming safety, and previewing one-time reveal behavior.
Platform step: Keys → Scope → Reveal preview
Static demo only. No real keys are generated, live APIs are not connected, and no secret is stored.
Key nameBackend Project API KeyProject IDproject_identity_demoEnvironmentproductionExpiration90_days
Step 1
Choose key kind
Pick the safest key type for where this key will be used.
Product-scoped API Key
Backend onlyAdvanced key limited to one or more product actions.
Default use Use when a worker or backend should only access one product area.Requires backend-only confirmation.Read-only Analytics Key
Backend onlyRead-only key for Analytics dashboards and reports.
Default use Use for reporting surfaces that must not write product data.Requires backend-only confirmation.Backend Secret Key
Backend onlyBackend-only key for trusted server environments.
Default use Use on trusted servers, workers, or backend jobs.Requires backend-only confirmation.Service Role Key
Dangerous backend-onlyDangerous backend-only key for administrative operations.
Default use Use only for tightly controlled backend administration.Requires backend-only confirmation.Requires Service Role Key danger confirmation.Step 2
Choose product scopes
This key can access the selected product actions below. Scope selection is static in this preview.
Identity
EnabledEvaluate access decisions for actors and resources.
Verification
TrialRead verification status and evidence summaries.
Notification
EnabledSend delivery requests through configured notification channels.
Commerce
EnabledRead Commerce-owned entitlement status for product access.
Marketing
Upgrade requiredSend merchant-owned campaigns after plan access is enabled.
Analytics
EnabledRead dashboards and operational reporting generated from products.
QR Experience
EnabledRead QR scan events and hosted experience summaries.
Step 3
Review Commerce entitlements
A key scope allows technical access. Commerce entitlement controls commercial access. Product actions need both before execution.
Identity
EnabledIdentity access evaluation is enabled for this project.
Commerce owns entitlement: trueVerification
TrialVerification is available in trial mode.
Commerce owns entitlement: trueCommerce
EnabledCommerce entitlement reads are enabled for this project.
Commerce owns entitlement: trueMarketing
Upgrade requiredMarketing campaign sending requires a plan upgrade even when a key scope is selected.
Commerce owns entitlement: trueAnalytics
EnabledAnalytics reporting is enabled for this project.
Commerce owns entitlement: trueStep 4
Set expiration
Choose how long the key should remain valid. Rotation keeps production access safer.
7 days
Short-lived key for temporary testing.
30 days
Limited window for temporary integrations.
90 days
SelectedRecommended default for planned rotation.
Never expires
Use only when rotation is handled separately.
Step 5
Confirm safety
Required confirmations are shown before any future live key creation can continue.
I understand backend-only keys must stay server-side.
Required · Demo satisfiedI understand Service Role Keys are dangerous.
Required · Not selected in demoI understand secrets are shown once.
Required · Demo satisfiedI understand Commerce entitlements may block actions even if key scopes allow them.
Required · Demo satisfiedStep 6
One-time reveal
This secret is shown once. Store it securely.
Reveal state
hiddenDo not paste secrets into browser apps, mobile apps, public examples, or client bundles.
No real secret is shown in this static preview.
Step 7
Generated preview row
Future live creation should return a preview row after one-time reveal is handled.
Key nameBackend Project API KeyKindProject API KeySecret preview
atk_...newkeyCreated2026-06-07T22:30:00ZEnvironmentproductionProject IDproject_identity_demoSelected scopes
Identityaccess.evaluateVerificationverification.readNotificationnotification.sendCommercecommerce.entitlement.readMarketingmarketing.campaign.sendAnalyticsanalytics.report.readQR Experienceqr.scan.read
This secret is shown once. Store it securely.
Future key lifecycle
Rotate, revoke, expire, and view usage
These actions are disabled placeholders. They do not call live APIs in this static demo.
Page Help
Key Creation Flow Help
Page-only help for the static key creation flow plan.
I can help with this page only. Ask me about anything here that you need help understanding.
I’m not a general chatbot. I only explain information available on this page.
Route/project-settings/key-createSurfaceKey Creation FlowPlatform stepKeys → Scope → Reveal preview
Suggested questions
StaticWhat key type should I choose?
What does expiration mean?
What are safety confirmations?
Why is one-time reveal preview static?
Answer previews
Page-onlyProject API Key is the default simple choice. Product-scoped, read-only analytics, backend secret, and service role options are advanced previews.
Page copyDemo data
Fallback: I can help with this page only. I don’t see that information here.
Open related surfaceExpiration is the planned lifetime for a future key. This static preview shows choices such as 7 days, 30 days, 90 days, and never expires.
Page copyDemo data
Fallback: I can help with this page only. I don’t see that information here.
Open related surfaceSafety confirmations explain backend-only keys, dangerous service role access, one-time reveal behavior, and Commerce entitlement limits.
Page copyDemo data
Fallback: I can help with this page only. I don’t see that information here.
Open related surfaceOne-time reveal is static because no real credential generation or secret storage exists in this phase.
Page copyDemo data
Fallback: I can help with this page only. I don’t see that information here.
Open related surfaceAllowed sources
ScopedText visible on this route.
Static model data rendered by this page.
Page-specific phase documentation.
Route, title, and platform-step context.
Future global helper boundary
FutureGlobal help can answer from Knowledge Hub only.
Global help can answer from Knowledge Hub only. This static console phase does not include Knowledge Hub search.
I don’t see that in the Knowledge Hub yet.