The ax api-keys commands let you create and manage API keys for accessing the Arize platform programmatically.
ax api-keys list
List API keys for the authenticated user.
ax api-keys list [--key-type <type>] [--status <status>] [--limit <n>] [--cursor <cursor>]
| Option | Description |
|---|
--key-type | Filter by key type: user or service |
--status | Filter by status: active or deleted |
--limit | Maximum number of results to return (default: 15) |
--cursor | Pagination cursor for the next page |
ax api-keys list
ax api-keys list --key-type service --status active
ax api-keys list --output api-keys.json
ax api-keys create
Create a new API key.
Two types are available:
- user — Authenticates as you with your full permissions.
--space-id must NOT be set.
- service — Scoped to a specific space with limited roles.
--space-id is required.
ax api-keys create --name <name> [options]
| Option | Description |
|---|
--name | Name for the API key (max 256 characters) |
--description | Optional description (max 1000 characters) |
--key-type | Key type: user (default) or service |
--space-id | Space ID (required when --key-type is service) |
--expires-at | Expiration datetime in ISO 8601 format (e.g. 2025-12-31T23:59:59). If omitted, the key never expires |
The raw key value is displayed once after creation. Save it securely — it will not be shown again.
# User key (no expiry)
ax api-keys create --name "CI Pipeline Key"
# Service key scoped to a space
ax api-keys create \
--name "Staging Service Key" \
--key-type service \
--space-id sp_abc123
# User key with expiry
ax api-keys create \
--name "Temporary Key" \
--expires-at "2025-12-31T23:59:59"
ax api-keys delete
Delete an API key. The key is deleted immediately and permanently.
ax api-keys delete <key-id> [--force]
| Option | Description |
|---|
--force | Skip the confirmation prompt |
ax api-keys delete key_abc123
ax api-keys delete key_abc123 --force
ax api-keys refresh
Atomically revoke an existing key and issue a replacement with the same name, description, type, and scope. Use this to rotate credentials without updating metadata.
ax api-keys refresh <key-id> [--expires-at <datetime>]
| Option | Description |
|---|
--expires-at | New expiration datetime in ISO 8601 format. If omitted, the replacement key never expires |
The new raw key value is displayed once after refresh. Save it securely — it will not be shown again.
ax api-keys refresh key_abc123
ax api-keys refresh key_abc123 --expires-at "2026-12-31T23:59:59"
