Skip to main content
API Keys enable programmatic access to Boltz Lab through the Python SDK and CLI. Generate keys for automated workflows, CI/CD pipelines, and application integrations.

API Key List

The API Keys page displays all keys created for your organization:
ColumnDescription
OwnerPerson of responsibility for the key
KeyThe key identifier (prefix shown, full key hidden for security)
Created atTimestamp of creation date (important for expiration time)
Last used atTimestamp of the most recent API call using this key

Creating an API Key

Click + Create API Key to generate a new key.
Create API Key dialog

Configuration Options

FieldRequiredDescription
Key NameYesA descriptive name to identify the key’s purpose (e.g., “Production API Key”, “CI Pipeline”)
DescriptionNoOptional notes about the key’s intended use
ExpirationNoWhen the key should expire. Options include: 1 day, 30 days, 90 days, Never
Allowed IP AddressesNoRestrict key usage to specific IP addresses for enhanced security

Key Name Best Practices

Use descriptive names that indicate:
  • The environment (Production, Staging, Development)
  • The application or service using the key
  • The team or person responsible
Examples:
  • Production API Key
  • Jenkins CI Pipeline
  • Computational Chemistry Team
  • External Partner - Acme Corp

IP Address Restrictions

For enhanced security, you can restrict API key usage to specific IP addresses:
  • Enter a comma-separated list of IPv4 or IPv6 addresses
  • Leave empty to allow access from any IP address
  • Useful for production environments with known server IPs
Example: 192.168.1.1, 10.0.0.1, 2001:db8::1
If you restrict IP addresses, ensure your servers’ IPs are included. Requests from non-allowed IPs will be rejected.

Managing Existing Keys

Important: The full API key is only shown once when created. Copy it immediately and store it securely. You cannot retrieve the full key later.

Viewing Key Details

Click on any key row to view its configuration details including:
  • Creation date
  • Last used timestamp
  • IP restrictions (if any)
  • Expiration date (if set)

Revoking a Key

To revoke an API key:
  1. Click on the key row
  2. Select Revoke Key
  3. Confirm the revocation
Revoking a key is immediate and permanent. Any applications using the key will lose access instantly. Ensure you have a replacement key configured before revoking.

Using API Keys

For a complete guide on using the API, please view the documentation in the appropriate top tab. Organizations are responsible to the security of any API keys they generate, and all usage generate with them.

Security Best Practices

Use separate keys per environment: Create distinct keys for development, staging, and production.
Set expiration dates: For temporary access or external partners, always set an expiration date.
Monitor usage: Check “Last used at” regularly to identify unused keys that can be revoked.
API key management requires Admin-level access to organization settings.