> ## Documentation Index
> Fetch the complete documentation index at: https://knowledge.goautonomous.io/llms.txt
> Use this file to discover all available pages before exploring further.

# API keys and service accounts

> Create and manage API keys for programmatic access to Go Autonomous.

## Overview

API keys let external systems and scripts authenticate with Go Autonomous programmatically. Each API key is tied to a service account — a non-human identity that can call Go Autonomous APIs on behalf of your organization.

Use API keys when you need to:

* Integrate third-party systems that push or pull data from Go Autonomous.
* Automate workflows that interact with the platform API.
* Connect custom applications to your Go Autonomous environment.

## The API Keys page

Navigate to **Administration > Company Settings > API Keys** to manage your service accounts. The page is split into two tabs:

* **Active Keys** — keys that are currently valid and can be used to authenticate.
* **Revoked Keys** — keys that have been disabled and can no longer be used. Kept for reference and auditing.

Each tab shows a counter next to the label so you can see at a glance how many keys are in each state.

For every key, the table shows:

* **Name** — the descriptive label you gave the service account.
* **Key** — a masked preview of the key value.
* **Created by** — the name of the user who created the key. If the user has since been deleted, this displays "Deleted user".
* **Creation date** — when the key was created.

## Audit trail

Click the **Audit trail** button in the top-right of the page to open a drawer with the full history of API key activity — keys created, revoked, and other changes — along with who performed each action and when.

Use the audit trail to:

* Audit who created or revoked a key.
* Investigate when a key was last changed.
* Confirm that a revocation took effect.

The audit trail mirrors entries shown in the broader [Audit Trail](/knowledge-base/administration/audit-logs), but scoped to API key events only.

## Create an API key

<Steps>
  <Step title="Click Add API Key">
    Click the add button to create a new service account and API key.
  </Step>

  <Step title="Name the service account">
    Enter a descriptive name that identifies the integration or system that will use this key (e.g., "ERP Sync Service" or "Reporting Dashboard").
  </Step>

  <Step title="Save and copy the key">
    After creation, the API key is displayed. Copy it immediately — for security reasons, the full key is only shown once.
  </Step>
</Steps>

<Warning>
  Store API keys securely. Treat them like passwords — never commit them to source control or share them in plain text. If a key is compromised, revoke it immediately and create a new one.
</Warning>

## Revoke an API key

If an API key is no longer needed or has been compromised, revoke it to immediately disable access:

1. On the **Active Keys** tab, find the service account in the list.
2. Click the **Revoke** icon on the corresponding row.
3. Confirm the revocation.

The key moves to the **Revoked Keys** tab and the action is recorded in the audit trail.

<Note>
  Revoking a key is permanent. Any system using the revoked key will immediately lose access and will need to be updated with a new key.
</Note>

## Best practices

* **Use one key per integration** — this makes it easy to revoke access for a single system without affecting others.
* **Rotate keys regularly** — create new keys and update your systems periodically as a security measure.
* **Name keys descriptively** — use names that make it obvious which system uses each key, so you can manage them confidently.
* **Track key ownership** — the API Keys page shows who created each key, making it easier to follow up if a key needs to be rotated or investigated.

## What's next

* [Set up connectors](/knowledge-base/administration/connectors) to connect Go Autonomous to external systems.
* [Configure authenticators](/knowledge-base/administration/authenticators) for credential management.