Manage Duckie API keys from Settings -> API Access.
The API Access section shows each key’s name, preview, scopes, creator, created time, last-used time, expiration, and status.
Create a Key
Open API Access
Go to Settings -> API Access.
Create a key
Click Create key.
Name the key
Use a name that identifies the integration or environment, such as Warehouse export or Production reporting.
Choose scopes
Select the read scopes this key should have. All read scopes are selected by default.
Choose an expiration
Select No expiration, 90 days, or 1 year.
Store the key
Copy the full key from the one-time reveal dialog and store it in your secret manager.
The full API key is shown only once. Duckie stores a hash and a preview after creation.
Scopes
| Scope label | Scope value |
|---|
| Runs | api:runs:read |
| Tools | api:tools:read |
| Agents | api:agents:read |
| Guidelines | api:guidelines:read |
| Guardrails | api:guardrails:read |
| Runbooks | api:runbooks:read |
Rename a Key
Use rename when the integration name changes or you want a clearer label. Renaming changes only the display name. The API key value and scopes stay the same.
Revoke a Key
Revoking a key stops new requests with that key immediately.
Find the key
Go to Settings -> API Access and find the key in the table.
Revoke
Click the revoke action and confirm.
Rotate integrations
Update any integration that used the revoked key with a newly created key.
Statuses
| Status | Meaning |
|---|
| Active | The key can authenticate requests until it expires or is revoked |
| Expired | The key is past its configured expiration |
| Revoked | The key was manually revoked |
