> ## Documentation Index
> Fetch the complete documentation index at: https://docs.rails.xyz/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys

> Guide on How to Set up Your API Keys

To access the *Rails APIs*, developers must first configure their API keys. This process is completed through the Rails UI.

### Create a New API Key

1. Click your profile icon in the bottom left corner of the Rails UI, then select **API Key Management** from the menu.

<img src="https://mintcdn.com/railsxyz/rvYVpG4H2HIr9YkI/latest/screenshot/api-key/profileMenu.png?fit=max&auto=format&n=rvYVpG4H2HIr9YkI&q=85&s=c80072b756ae4326f97c6f636675abd2" alt="Profile menu showing the API Key Management option" width="672" height="754" data-path="latest/screenshot/api-key/profileMenu.png" />

2. On the **API Key Management** screen, you will see your existing API keys and the option to create a new one. Click the **Create API Key** button.

<img src="https://mintcdn.com/railsxyz/rvYVpG4H2HIr9YkI/latest/screenshot/api-key/beforeCreate.png?fit=max&auto=format&n=rvYVpG4H2HIr9YkI&q=85&s=2907d0172c50a66ae8302e15f45e9075" alt="API Key Management screen showing existing keys and the Create API Key button" width="1588" height="470" data-path="latest/screenshot/api-key/beforeCreate.png" />

3. Provide a descriptive name for your new key in **API Key Name**, then confirm by clicking **Create API Key**.

<Note>
  When creating an API key, you may select the <strong>read-only</strong> option. Read-only API keys can only access the following <strong>User Account</strong> endpoints across both <strong>Perpetuals</strong> and <strong>Options</strong>:

  <p><strong>Perpetuals</strong></p>

  <ul>
    <li><a href="/latest/perps/rest-api/get-account-balances">Get Balances</a></li>
    <li><a href="/latest/perps/rest-api/get-account-open-orders">Get Open Orders</a></li>
    <li><a href="/latest/perps/rest-api/get-account-open-order-by-id">Get Open Order by ID</a></li>
    <li><a href="/latest/perps/rest-api/get-account-completed-orders">Get Completed Orders</a></li>
    <li><a href="/latest/perps/rest-api/get-account-positions">Get Positions</a></li>
    <li><a href="/latest/perps/rest-api/get-account-deposits">Get Deposits</a></li>
    <li><a href="/latest/perps/rest-api/get-account-withdrawals">Get Withdrawals</a></li>
    <li><a href="/latest/perps/rest-api/get-account-fundings">Get Fundings</a></li>
  </ul>

  <p><strong>Options</strong></p>

  <ul>
    <li><a href="/latest/options/rest-api/get-account-summary">Get Account Summary</a></li>
    <li><a href="/latest/options/rest-api/get-account-positions">Get Positions</a></li>
    <li><a href="/latest/options/rest-api/get-account-orders">Get Orders</a></li>
  </ul>

  Attempting to access any other endpoints or WebSocket features with a read-only API key will result in a <strong>403 Forbidden</strong> error.
</Note>

<img src="https://mintcdn.com/railsxyz/rvYVpG4H2HIr9YkI/latest/screenshot/api-key/createForm.png?fit=max&auto=format&n=rvYVpG4H2HIr9YkI&q=85&s=eaa4435cddde4f6300423b3dfa0a5640" alt="Create API Key form with API Key Name field and read-only option" width="1558" height="1262" data-path="latest/screenshot/api-key/createForm.png" />

Each API key consists of two components: the key (identifier) and the secret (authentication credential). The secret is displayed only once—be sure to copy and store it securely before confirming the creation.

<img src="https://mintcdn.com/railsxyz/rvYVpG4H2HIr9YkI/latest/screenshot/api-key/createSuccess.png?fit=max&auto=format&n=rvYVpG4H2HIr9YkI&q=85&s=40dca3d44b01cb64cb2d4f2dc7636b54" alt="API key created successfully confirmation showing key and secret" width="1566" height="1432" data-path="latest/screenshot/api-key/createSuccess.png" />

After creation, your new API key will appear in the management table.

<img src="https://mintcdn.com/railsxyz/rvYVpG4H2HIr9YkI/latest/screenshot/api-key/afterCreate.png?fit=max&auto=format&n=rvYVpG4H2HIr9YkI&q=85&s=ca0e6275c72b0f3c818409584749ff7b" alt="API Key Management table showing the newly created API key" width="1556" height="740" data-path="latest/screenshot/api-key/afterCreate.png" />

### Revoke an Existing API Key

If an API key is compromised or you wish to rotate your keys periodically, click the "trash can" icon to revoke it.

Once revoked, you may generate a new API key by following the steps above.

### Use an API Key

API keys (key and secret) are used to obtain a short-lived access token for authorizing with the *Rails APIs*. For details, refer to the [Get Access Token](/latest/get-access-token) endpoint.

**Security best practices:**

* Always access your API secrets securely (e.g., via environment variables).
* Never commit your secrets to a code repository.
