Overview
On the Metriport Developer Dashboard, we support generating API keys. You can have up to two API keys active at the same time, which lets you rotate your keys without any downtime. For your security, read through this page to understand how to use them.The API Key
The API Key will give you full access to the Metriport API. This key has the ability to perform destructive operations, and as such, we recommend treating it with the same care as your account password. Generally, this key should only be used in your backend services, not shared with anyone, and never exposed in plain text.Include your API key in the
x-api-key header for all API
requests.Rotating your API keys
You can have up to two API keys active at the same time. Both keys have full access to the API and can be used interchangeably, so you can rotate your keys with zero downtime - generate a new key and roll it out across your services before revoking the old one, so your requests never fail mid-rotation. We recommend rotating your keys periodically, and immediately if you believe one has been compromised. To rotate your keys on the Developer Dashboard:- Generate a second key. On the Settings page, generate a second API key. Both keys are now active and can be used interchangeably.
- Roll out the new key. Update your backend services to send the new key in the
x-api-keyheader, then deploy and confirm all traffic is using the new key. - Revoke the old key. Once no services are using the old key, revoke it on the Settings page by clicking the trash button beside it. It becomes inactive immediately.

