# API Keys

### What is an API Key?

An API key is a long secret string that acts as a password for your workspace. Every time your Roblox game calls the Auxvyn API, it sends this key in the request header. Auxvyn checks the key, identifies which workspace it belongs to, and either allows or denies the request.

Example of what a key looks like:

```
auxvyn_111111111111111111111111111111111111111111111111111111111111
```

***

### How Keys Are Stored

Auxvyn never stores your raw API key. When you generate a key, it is:

1. Shown to you **once** in the dashboard — copy it immediately
2. Hashed using **SHA-256** before being saved to the database
3. Never retrievable again after you close the dialog

This means even if Auxvyn's database were ever compromised, your raw keys would not be exposed.

{% hint style="warning" %}
If you lose your key, you cannot recover it. You must revoke it and generate a new one.
{% endhint %}

***

### Generating a Key

* Open your workspace and click the **API Keys** tab
* Enter a label for the key (something descriptive like `Production` or `Dev` )
* Click **Generate**

<figure><img src="/files/5ajlvMEbPqmoncc4qxVW" alt=""><figcaption></figcaption></figure>

* Copy the key immediately using the copy button

<figure><img src="/files/nRwjs1dQPVhCywnye8Xg" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
The key is shown once. After you close the dialog it is gone forever.
{% endhint %}

***

### Key Labels

Labels help you identify what each key is used for. Good examples:

* `Production` — the key used in your live published game
* `Dev` — a key used during development and testing
* `Staging` — a key for a test version of your game

Labels are just for your reference and have no effect on permissions or behavior.

***

### Using a Key in Your Game

When you install Auxvyn using the plugin, your API key is automatically configured in the server-side script the plugin creates for you. You do not need to manually add your key anywhere.

If you ever need to update your key — for example after rotating it — open the Auxvyn plugin from your Plugins toolbar and follow the reconnect flow. The plugin will update the key in the correct place automatically.

{% hint style="danger" %}
Your API key is always kept in a server-side Script by the plugin. It is never placed in a LocalScript or ReplicatedStorage where exploiters could access it. Do not move the plugin generated script or copy your key into any client-side code.
{% endhint %}

***

### Revoking a Key

If you believe a key has been leaked or compromised, revoke it immediately.

1. Go to the **API Keys** tab in your workspace
2. Find the key you want to remove
3. Click the **Delete Button**

<figure><img src="/files/2Xuu5ySxs7vugHik4Kog" alt=""><figcaption></figcaption></figure>

The key is instantly invalidated. Any game scripts still using it will start receiving `401 Unauthorized` errors. Generate a new key and update your game script as soon as possible.

***

### Multiple Keys

You can have multiple active keys for the same workspace at the same time. This is useful if:

* You have multiple developers each using their own dev key
* You want to rotate keys without downtime
* You want separate keys for your live game and your test place

***

### Key Rotation

It is good practice to rotate your API keys periodically, especially if:

* A team member who had access to the key leaves
* You suspect the key may have been exposed
* You are doing a security audit of your game

To rotate without downtime:

1. Generate a new key
2. Update your game script with the new key
3. Publish the updated game
4. Revoke the old key

***

### Limits

| Plan | API Keys per workspace |
| ---- | ---------------------- |
| Free | Unlimited              |
| Pro  | Unlimited              |

There is no limit on how many keys you can have per workspace.

***

### Security Checklist

Before going live with your game, make sure:

* [ ] Your API key is only in a server-side **Plugin Script**
* [ ] You have not shared your key in any video, screenshot, or public message
* [ ] You are using a descriptive label so you know what each key is for
* [ ] You have a plan for key rotation if your team changes

***

### What's Next


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://auxvyn.gitbook.io/auxvyn-docs/core-concepts/api-keys.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.