API Key Management

Securely manage access to GRID services and third-party AI providers.

Service & Role Keys

Service Role

Server-side keys with broad permissions. Never expose these on the client side. Generate and copy them from the Dashboard; they look like long tokens.

Anon/Public

Client-side keys safe for public use. Limited permissions based on RLS policies. Generate them from the Dashboard when you need public access.

Key Rotation

It is best practice to rotate your keys periodically or immediately if you suspect a leak.

Warning

Rotating keys will invalidate all existing sessions and API connections managed by that key. Update your environment files and deployment secrets immediately after rotation.