> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cysmiq.com/llms.txt
> Use this file to discover all available pages before exploring further.

# API keys

> Authenticate with the Cysmiq API using personal or workspace scoped keys.

## Overview

API keys provide programmatic access for integrations and automation. Cysmiq supports personal keys and workspace keys.

## Key types

| Key type          | Where you manage it         | Scope         | Notes                                    |
| ----------------- | --------------------------- | ------------- | ---------------------------------------- |
| Personal API key  | User security settings      | User scoped   | Can be restricted to specific workspaces |
| Workspace API key | Workspace security settings | Tenant scoped | Managed by workspace admins              |

## Scopes

Available scopes in the UI:

| Scope                  | API value                | Description                                                                                     |
| ---------------------- | ------------------------ | ----------------------------------------------------------------------------------------------- |
| Read vulnerabilities   | `vulnerabilities:read`   | Access vulnerability lists, summary data, details, and vulnerability locations for repositories |
| Update vulnerabilities | `vulnerabilities:write`  | Update vulnerability workflow metadata such as assignees                                        |
| Read policy violations | `policy-violations:read` | Access [policy violation](/policies/violations) lists and details for repositories              |
| Read scans             | `scans:read`             | Access scan lists and status for repositories                                                   |
| Read organizations     | `organizations:read`     | Access organization lists and details                                                           |
| Read repositories      | `repositories:read`      | Access repository lists and details                                                             |
| Read applications      | `applications:read`      | Access application lists and details                                                            |
| Read tenants           | `tenants:read`           | List the workspaces the key can access                                                          |

The default scope set includes read access for vulnerabilities, policy violations, scans, organizations, repositories, applications, and tenants. Write access must be selected explicitly.

Existing keys keep the scopes selected when they were created. If a key was created before `applications:read` or `tenants:read` was available, create a new key with those scopes to use application or tenant list endpoints.

## Expiration options

The field is labeled **Expires** in the UI.

* 7 days
* 30 days
* 90 days
* 180 days
* 365 days
* Never

## Key lifecycle

* **Create**: Name the key, choose scopes, select an expiration, and optionally restrict the key to one or more workspaces
* **One time display**: New keys are shown once. Copy and store them securely
* **Status**: Keys are marked **Active**, **Expired**, or **Disabled**
* **Usage details**: View created time, last used time, expiration date, scopes, and any workspace restrictions
* **Revoke**: Revoke a key to permanently disable it

## Related docs

* [API reference](/api-reference)
* [Manage API keys](/guides/api-keys)
