Org API keys (/keys)
Org API keys are long-lived service credentials for the organization. Use them to call the IMP API from scripts, integrations, or services — not for personal interactive use.
Scope
Every key has one of two scopes:Creating a key
Click Create key in the page header. The create dialog asks for:
After creation, the dialog shows Your new API key — a one-time reveal. Copy and store the key securely. You cannot view the full key value again after closing this dialog.
Attribution
Each key has optional attribution for cost tracking:- Team — attribute requests made with this key to a specific team.
- Project — attribute requests to a specific project.
Key detail
Click any key row to open the detail panel:- Identity — key ID, the masked suffix (e.g.,
sk_.../abcd) that appears in logs, and the created date. - Scope — Admin or Agents, with the agent allowlist if applicable.
- Role — the assigned role (for admin keys).
- Attribution — team and project assignment.
- Activity — last-used date, or “Never” if the key has not been used.
- Danger zone — Delete key… with a confirmation that the key’s requests stop working immediately.
Changing a key’s role
Open the key detail panel, click the role selector under Role, and pick a new role. A confirmation dialog summarizes the change.Deleting a key
In the key detail panel, click Delete key…. The confirmation states: “{name} will be deleted permanently. Requests using this key stop working immediately. This action cannot be undone.”
Looking for your personal token? See the Personal token section below, or navigate to
/token in the sidebar.Personal token (/token)
Your personal token is a short-lived JWT that identifies you. It is valid for the duration of your current session and expires when your session ends. Unlike org API keys, the personal token cannot be stored and reused across sessions.
Viewing the token
Navigate to Personal token in the sidebar (under the Develop group). If you are signed in, your current bearer token is displayed. The panel shows:- Token — the full JWT value, with a Copy token button.
- Expires in — how long until the token expires (displayed in hours or minutes as the expiry approaches, or “Expired — sign in again” if it has lapsed).
- A security note: “This token acts as you. Keep it private.”
Usage example
The page includes a Usage example (cURL) code block:When the token expires
If the token is expired, the page shows “Expired — sign in again” and a Sign in again button. After signing back in, the page shows a fresh token.Difference from org API keys
Need an org-level key? See the Org API keys section above. See the Developers section and API reference for authentication details and the full API surface.
Next steps
Variables
Store secrets your integrations need alongside API keys.
Users & access
Manage who has api (write) access to create org API keys.