ContextQMD
Back to Ultralytics

API Keys

docs/en/platform/account/api-keys.md

8.4.466.3 KB
Original Source

API Keys

Ultralytics Platform API keys enable secure programmatic access for remote training, inference, and automation. Create named keys with AES-256-GCM encryption for different use cases.

Create API Key

Create a new API key:

  1. Go to Settings > API Keys
  2. Click Create Key
  3. Enter a name for the key (e.g., "Training Server")
  4. Click Create Key

Key Name

Give your key a descriptive name:

  • training-server - For remote training machines
  • ci-pipeline - For CI/CD integration
  • local-dev - For local development

Key Display

After creation, the key is displayed once:

!!! tip "Copy Your Key"

Copy your key after creation for easy reference. Keys are also visible in the key list — the platform decrypts and displays full key values so you can copy them anytime.

Key Format

API keys follow this format:

ul_a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4
  • Prefix: ul_ identifies Ultralytics keys
  • Body: 40 random hexadecimal characters
  • Total: 43 characters

Key Security

  • Keys are stored with AES-256-GCM encryption
  • Authentication uses SHA-256 hash for fast prefix lookup and hash comparison
  • Full key values are never stored in plaintext

Using API Keys

Environment Variable

Set your key as an environment variable:

=== "Linux/macOS"

```bash
export ULTRALYTICS_API_KEY="YOUR_API_KEY"
```

=== "Windows"

```powershell
$env:ULTRALYTICS_API_KEY = "YOUR_API_KEY"
```

YOLO CLI

Set the key using the YOLO CLI:

bash
yolo settings api_key="YOUR_API_KEY"

In Code

Use the key in your Python scripts:

python
import os

# From environment (recommended)
api_key = os.environ.get("ULTRALYTICS_API_KEY")

# Or directly (not recommended for production)
api_key = "YOUR_API_KEY"

HTTP Headers

Include the key in API requests:

bash
curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://platform.ultralytics.com/api/...

See the REST API Reference for all available endpoints.

Remote Training

Enable metric streaming with your key.

!!! warning "Package Version Requirement"

Platform integration requires **ultralytics>=8.4.35**. Lower versions will NOT work with Platform.

```bash
pip install "ultralytics>=8.4.35"
```
bash
export ULTRALYTICS_API_KEY="YOUR_API_KEY"
yolo train model=yolo26n.pt data=coco.yaml project=username/project name=exp1

See Cloud Training for the complete remote training guide.

Manage Keys

View Keys

All keys are listed on the Settings > API Keys tab:

Each key card shows the key name, the full decrypted key value (copyable), relative creation time, and a revoke button.

Revoke Key

Revoke a key that's compromised or no longer needed:

  1. Find the key in the API Keys section
  2. Click the Revoke (trash) button
  3. Confirm revocation

!!! warning "Immediate Effect"

Revocation is immediate. Any applications using the key will stop working.

Regenerate Key

If a key is compromised:

  1. Create a new key with the same name
  2. Update your applications
  3. Revoke the old key

Workspace API Keys

API keys are scoped to the currently active workspace:

  • Personal workspace: Keys authenticate as your personal account
  • Team workspace: Keys authenticate within the team context

When switching workspaces in the sidebar, the API Keys section shows keys for that workspace. Editor role or higher is required to manage workspace API keys. See Teams for role details.

Security Best Practices

Do

  • Store keys in environment variables
  • Use separate keys for different environments
  • Revoke unused keys promptly
  • Rotate keys periodically
  • Use descriptive names to identify key purposes

Don't

  • Commit keys to version control
  • Share keys between applications
  • Log keys in application output
  • Embed keys in client-side code

Key Rotation

Rotate keys periodically for security:

  1. Create new key with same name
  2. Update applications to use new key
  3. Verify applications work correctly
  4. Revoke old key

!!! tip "Rotation Schedule"

Consider rotating keys every 90 days for sensitive applications.

Troubleshooting

Invalid Key Error

Error: Invalid API key

Solutions:

  1. Verify key is copied correctly (including the ul_ prefix)
  2. Check key hasn't been revoked
  3. Confirm environment variable is set
  4. Ensure you're using ultralytics>=8.4.35

Permission Denied

Error: Permission denied for this operation

Solutions:

  1. Verify you're the resource owner or have appropriate workspace access
  2. Check the key belongs to the correct workspace
  3. Create a new key if needed

Rate Limited

Error: Rate limit exceeded

Solutions:

  1. Reduce request frequency — see the rate limit table for per-endpoint limits
  2. Implement exponential backoff using the Retry-After header
  3. Use a dedicated endpoint for unlimited inference throughput

FAQ

How many keys can I create?

There's no hard limit on API keys. Create as many as needed for different applications and environments.

Do keys expire?

Keys don't expire automatically. They remain valid until revoked. Consider implementing rotation for security.

Can I see my key after creation?

Yes, full key values are visible in the key list on Settings > API Keys. The Platform decrypts and displays your keys so you can copy them anytime.

Are keys region-specific?

Keys work across regions but access data in your account's region only.

Can I share keys with team members?

Better practice: Have each team member create their own key. For team workspaces, each member with Editor role or higher can create keys scoped to that workspace.