Skip to main content
IMP has two types of programmatic credentials, each on its own page. This article covers both.

Org API keys (/keys)

Org API keys are long-lived service credentials for the organization. Use them to call the IMP API from scripts, integrations, or services — not for personal interactive use.

Scope

Every key has one of two scopes:

Creating a key

Click Create key in the page header. The create dialog asks for: After creation, the dialog shows Your new API key — a one-time reveal. Copy and store the key securely. You cannot view the full key value again after closing this dialog.
The full key value is shown only once at creation. If you lose it, delete the key and create a new one.

Attribution

Each key has optional attribution for cost tracking:
  • Team — attribute requests made with this key to a specific team.
  • Project — attribute requests to a specific project.
Edit attribution from the key detail panel at any time.

Key detail

Click any key row to open the detail panel:
  • Identity — key ID, the masked suffix (e.g., sk_.../abcd) that appears in logs, and the created date.
  • Scope — Admin or Agents, with the agent allowlist if applicable.
  • Role — the assigned role (for admin keys).
  • Attribution — team and project assignment.
  • Activity — last-used date, or “Never” if the key has not been used.
  • Danger zoneDelete key… with a confirmation that the key’s requests stop working immediately.

Changing a key’s role

Open the key detail panel, click the role selector under Role, and pick a new role. A confirmation dialog summarizes the change.

Deleting a key

In the key detail panel, click Delete key…. The confirmation states: “{name} will be deleted permanently. Requests using this key stop working immediately. This action cannot be undone.”
Looking for your personal token? See the Personal token section below, or navigate to /token in the sidebar.

Personal token (/token)

Your personal token is a short-lived JWT that identifies you. It is valid for the duration of your current session and expires when your session ends. Unlike org API keys, the personal token cannot be stored and reused across sessions.

Viewing the token

Navigate to Personal token in the sidebar (under the Develop group). If you are signed in, your current bearer token is displayed. The panel shows:
  • Token — the full JWT value, with a Copy token button.
  • Expires in — how long until the token expires (displayed in hours or minutes as the expiry approaches, or “Expired — sign in again” if it has lapsed).
  • A security note: “This token acts as you. Keep it private.”

Usage example

The page includes a Usage example (cURL) code block:
Use Copy example to copy the full snippet with your current token substituted in.

When the token expires

If the token is expired, the page shows “Expired — sign in again” and a Sign in again button. After signing back in, the page shows a fresh token.

Difference from org API keys

Need an org-level key? See the Org API keys section above. See the Developers section and API reference for authentication details and the full API surface.

Next steps

Variables

Store secrets your integrations need alongside API keys.

Users & access

Manage who has api (write) access to create org API keys.