An SDK API key authenticates the FlowPilot iOS SDK to the FlowPilot backend. You create a key in the dashboard, copy it once, and pass it to the SDK at launch. The SDK sends it on every request as Authorization: Bearer <key>.
An SDK API key is not the same as your dashboard login. The token from your Clerk dashboard session will not authenticate the SDK. Create a dedicated SDK key here.

Create a key

API keys live under Settings -> API Keys.
1. Open the API Keys tab

In Settings, select API Keys. Existing keys appear in a table; click Create Key to add one.
2. Name the key and pick an environment

In the Create API Key dialog, fill in:
  • Key Name: a descriptive label, for example Production API Key.
  • Environment: Production or Staging. Production keys should only be used in production apps.
Click Create Key.
3. Copy the key now

The key is revealed once, under “API Key Created” with the warning “Copy your API key now. You won’t be able to see it again.” Click the copy button and store it somewhere safe, such as a password manager or an environment variable. Click Done when you are finished.
After creation, the key appears in the table with its name, a masked prefix (for example fp_live_1a2b3c4d...), its environment, when it was last used, and when it was created.

Key format

The first part of every key tells you its environment:
  • Production keys start with fp_live_.
  • Staging keys start with fp_test_.
The full key follows the prefix with a random suffix. Only the prefix is ever shown again in the dashboard; the rest is stored hashed and cannot be recovered.

Use the key in the SDK

Pass the key to FlowPilotConfiguration when you configure the SDK at launch. Do not hardcode a real key in source you commit; load it from your build configuration or a secret store.
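import FlowPilotSDK

// Call once at launch. The apiKey below is a placeholder: load the real key
// from your build configuration or a secret store instead of committing it.
FlowPilot.configure(
    FlowPilotConfiguration(
        apiKey: "fp_live_xxxxxxxxxxxxxxxx",
        appId: "your-app-id"
    )
)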
The SDK adds the key to each request as Authorization: Bearer <key>. For the full request contract, see SDK REST API. For where the key fits in SDK setup, see Configuration.

Revoke a key

To revoke a key, click the trash action on its row. Confirm in the Revoke API Key dialog. Any app using that key immediately loses access, and the action cannot be undone. If a key is lost or leaked, revoke it and create a new one.
Keys are workspace-scoped and of type sdk. A single key works for every app in the workspace; the app is selected by the appId you pass to the SDK, not by the key.

Common mistakes

  • Committing a key to source control. Treat keys as secrets. Load them from environment variables or your secret manager, not a checked-in file.
  • Using a dashboard token instead of an SDK key. Your Clerk dashboard session does not authenticate the SDK. Only an fp_live_ or fp_test_ key works.
  • Using the wrong environment key for a build. A staging (fp_test_) key in a production build, or the reverse, will not behave as expected. Match the key’s environment to the build.
  • Using a key from a different workspace than the app. The key and the app’s appId must belong to the same workspace, or the resolve fails.
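
A pre-commit check for the first mistake above, using the prefixes from Key format. This is an added example, not part of the FlowPilot SDK or its documentation. It assumes the random suffix is at least 16 alphanumeric characters (the page does not specify the suffix format) and skips all-x placeholders like the one in the SDK snippet.

```python
import re
import sys
from pathlib import Path

# Prefixes are from the page. The suffix pattern is an ASSUMPTION (the docs
# only say "random suffix"); adjust it to match your real keys.
KEY_RE = re.compile(r"(?<![A-Za-z0-9])fp_(live|test)_([A-Za-z0-9]{16,})")
ENVIRONMENTS = {"live": "Production", "test": "Staging"}

# Constructed sample input: a docs placeholder and a made-up staging key.
SAMPLE = (
    'apiKey: "fp_live_xxxxxxxxxxxxxxxx",\n'
    'let key = "fp_test_A1b2C3d4E5f6G7h8"\n'
)


def mask(key: str) -> str:
    """Keep the 8-char prefix plus 8 suffix chars, like the dashboard's masked form."""
    return key[:16] + "..."


def find_keys(text: str):
    """Return (line_no, environment, masked_key) for each likely real key."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in KEY_RE.finditer(line):
            if set(m.group(2).lower()) == {"x"}:  # all-x docs placeholder
                continue
            findings.append((line_no, ENVIRONMENTS[m.group(1)], mask(m.group(0))))
    return findings


def scan_paths(paths):
    """Scan files and return the finding count so a hook can fail on > 0."""
    total = 0
    for path in paths:
        try:
            text = Path(path).read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue  # unreadable or deleted file: nothing to scan
        for line_no, env, masked in find_keys(text):
            # Print only the masked form so CI logs never hold the full key.
            print(f"{path}:{line_no}: {env} FlowPilot SDK key {masked}")
            total += 1
    return total


if __name__ == "__main__":
    sys.exit(1 if scan_paths(sys.argv[1:]) else 0)
```

Run it from a pre-commit hook or CI step with the changed file paths as arguments; a non-zero exit means a likely key was found.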

Troubleshooting

| Symptom | Likely cause | Fix |
| --- | --- | --- |
| Requests fail to authenticate | Wrong key type, or a dashboard token was used | Create an SDK key here and confirm it starts with fp_. |
| Worked before, now rejected | Key was revoked | Create a new key and update your build. |
| Lost the key | Keys are shown only once | Revoke the old key and create a replacement. |