Skip to main content
API keys belong to a space. Every event sent with a key lands in that space — the ingest API derives the space from the key, so the SDK never needs a space ID.

Create a key

  1. In the dashboard, go to Settings → API Keys.
  2. Click New and name the key after the system that will use it (for example production-api).
  3. Copy the key from the confirmation modal.
The full key is shown only once, in the confirmation modal. Carbon stores a hash of the key, not the key itself — it cannot be recovered later. If a key is lost, create a new one.
Store the key as a secret in your deployment environment:
.env
CARBON_API_KEY=your-api-key

Manage keys

The Active Keys table lists every key with its name, a key hint (the only part of the key that remains visible), status, and creation date.
  • Use one key per environment or service so keys can be rotated independently.
  • Delete a key to revoke it. Requests with a deleted key fail immediately with 401 Unauthorized.

Rotation

  1. Create a new key.
  2. Update the secret in your deployment environment.
  3. Delete the old key once nothing uses it.
Events are unaffected by rotation — they belong to the space, not the key.