Skip to main content

Account API keys

Developer API requests use Account API keys from Developer Console. Keys start with cr_sk_ and authenticate only the public /v1/* API.
Authorization: Bearer cr_sk_your_key_here
This page covers Developer Platform Account API keys. App-scoped API Trigger keys are created from an agent detail page in agent.creao.ai, start with capi_, and authenticate the app-scoped agent.creao.ai/api/v1/apps/{appId}/runs route. See API Paths for the comparison.
Account API keys are server-side secrets. Do not put them in browser frontend code, mobile apps, public repositories, client logs, or analytics events.

Create a key

1

Open Developer Console

Go to developer.creao.ai with the CREAO account that owns the agents you want to run.
2

Create an Account API key

Open API Keys, create a key, and store it immediately. The full key is shown only once.
3

Copy an agent ID

Create a personal agent with POST /v1/agents, or open Agents and copy the agent_id for an active personal agent. Developer Platform runs agents you own in CREAO.

Scope

Account API keys can create, edit, and run personal agents owned by the same CREAO account. They cannot create or edit team agents, manage files, manage schedules, publish to Agent Store, access Console session APIs, or authenticate internal CREAO routes. If a key is missing, malformed, revoked, or unknown, the API returns:
{ "error": "AUTHENTICATION_REQUIRED" }

Backend example

Node.js
const response = await fetch("https://developer.creao.ai/v1/runs", {
  method: "POST",
  headers: {
    Authorization: `Bearer ${process.env.CREAO_API_KEY}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    agent_id: "00000000-0000-4000-8000-000000000000",
    input: { query: "Summarize this customer feedback export" },
  }),
});

const run = await response.json();

Key rotation

Create a new key, update your backend secret store, deploy the new value, then revoke the old key in Developer Console. Revoked keys cannot be restored.