> ## Documentation Index > Fetch the complete documentation index at: https://arize-ax.mintlify.dev/docs/llms.txt > Use this file to discover all available pages before exploring further. # API and Service Keys Arize AX supports two types of API keys: * **User keys** are tied to your user account and inherit all the permissions you have. If you have admin access to Space A and read-only access to Space B, the key reflects these permissions. If you are removed from the account, the key is disabled. * **Service keys** are designed for automated services and applications that need to persist beyond individual users. Service keys are tied to bot users rather than human users, ensuring they continue to work even if the original creator leaves the organization. ## Create a User Key 1. Go to **Settings → API Keys**. 2. Click **+ New API Key**. 3. Ensure **User Key** is selected as the Key Type. 4. Enter a **Key Name**. 5. Click **Create Key**. 6. **Copy and save the key immediately.** For security, the full key is shown **only once** during creation. Treat your key like a password — store it somewhere secure and rotate it regularly. ## Create a Service Key Admins and Members can create service keys with permissions equal to or below their own access level. For example, an Admin with access to multiple spaces can create a service key restricted to just one space for a data ingestion service. This follows the principle of least privilege for automated systems. 1. Go to **Settings → API Keys** and select the **Service Keys** tab. 2. Click **+ New API Key** or **New Service Key**. 3. Enter a **Key Name** to identify its purpose (e.g., "Production Data Pipeline" or "QA Environment"). 4. Select **Service Key** as the Key Type. 5. Choose a **Space Role** for the service key: **Admin**, **Member**, or **Read-Only Member**. 6. Optionally, expand **Advanced** to configure **Org Role** and **Account Role**. 7. Click **Create Key**. 8. **Copy and save the key immediately.** For security, the full key is shown **only once** during creation. ### Who Can Create Service Keys | Role | Can Create Service Keys | | -------------------- | -------------------------------------------------- | | **Admin** | Yes — with any permission level up to Admin access | | **Member** | Yes — with permissions up to Member access level | | **Read-Only Member** | No | Service keys inherit the permission restrictions of their creator — you cannot grant a service key more permissions than you currently have. ### Key Differences from User Keys The main differences between service keys to user keys are: * **Persistence**: Service keys remain active even if the creator leaves the organization * **Restricted Permissions**: Can be configured with limited permissions for specific use cases * **Bot User Association**: Each service key is tied to a bot user account rather than a human user * **Organizational Continuity**: Designed for long-running services and automation ## Where You Can Use Keys Both user keys and service keys authenticate every Arize client and workflow: * `pandas` logger * Dataset uploads & validations * Experiments * Exports * GraphQL & REST endpoints * Anything supported by the **Arize SDK v7.40.1+**