API Keys
ScopeDocs API keys follow the format sk_sd_{"<64 hex characters>"}. The full key is shown only once at creation — store it securely immediately.
Warning:Your API key is shown only once. If you lose it, you must rotate the key to generate a new one. The old key will be revoked.
Creating an API Key
API keys are managed in the Organization settings panel under the API Key Management section. Only organization owners can create and revoke keys.
- Go to Settings → Organization in the ScopeDocs app
- Open the API Key Management section
- Click Create API Key
- Enter a name, select scopes, and optionally set an expiry
- Copy the key — it is shown only once
Tip:Name your keys descriptively (for example
CI pipelineorinternal-agent) so you can identify and revoke them individually.
Using Your Key
Pass your key in one of two ways on every API request:
Option 1 — X-API-Key header (recommended)
curl https://scopedocs-ai-production.up.railway.app/api/v1/docs \
-H "X-API-Key: <your_api_key>"Option 2 — Bearer token
curl https://scopedocs-ai-production.up.railway.app/api/v1/docs \
-H "Authorization: Bearer <your_api_key>"Scopes
Each API key has one or more scopes. A request will fail with 403 Forbidden if the key lacks the required scope.
| Scope | Description |
|---|---|
docs:read | Read generated documentation — list, search, and retrieve docs. |
graph:read | Access knowledge graphs — repos, nodes, and full graph data. |
prs:read | Read pull request data and AI-generated explanations. |
chat | Use the RAG chat endpoint to ask questions about your codebase. |
Rotating & Revoking
You can rotate or revoke API keys at any time from Settings → Organization, inside the API Key Management section. Rotating creates a new key and immediately invalidates the old one.
Warning:Revoking a key immediately invalidates it. Any requests using the revoked key will receive
401 Unauthorized.