Shows how to create an API key that lets apps and other services access Labelbox APIs and endpoints.
Labelbox authenticates API requests using API keys, which grant access to the Python SDK and can also authorize third-party integrations, such as cloud providers. Depending on your roles and permissions, you can create, view, delete, and distribute API keys as needed.
API keys serve as access credentials to Labelbox on your behalf. Treat them with the same level of care as other sensitive credentials.
API keys of disabled accounts
API keys are tied to user accounts. If a user account is disabled, all API keys associated with that account are also disabled.
Create a new API key
To create a new API key:
- On the Labelbox home page, click Create API key.
- On the Create new API key prompt:
- Enter a descriptive name.
- Add a validity time period. The max value is 6 months.
- Select a role for the scope of access permissions.
- Your new key is displayed in the API key created prompt. Use the Copy button to copy the key to the clipboard. It's strongly recommended to save your new key in a safe location.
- Click Done to close the prompt. After closing the prompt, you won’t be able to retrieve the key.
View and delete API keys
Use the Workplace Settings > API keys tab to view and delete existing API keys. To delete an API key, locate the key you wish to delete and select ... > Delete.
Once an API key is deleted, it can no longer authenticate API requests. Any app, script, or service using the key loses access to Labelbox. To minimize disruptions, we recommend not deleting keys until you've created and replaced them with new ones.
Guidelines and best practices
For each active Labelbox account:
- API keys access to your Labelbox account and data. Treat API keys like passwords and other credentials.
- The value of an API key can only be retrieved once from the API key created prompt when the key is first created.
- If you lose the value of your API key (or cannot determine how it's being used), delete it and create a new one.
Client
The Labelbox Client is essential for all SDK workflows. It connects to a Labelbox server with your authentication API key and provides functions for querying and creating data assets.
Instantiate Labelbox Client
Use the API key to connect to the Labelbox client:
import labelbox as lb
## Option 1: List API_KEY in your Python script
API_KEY = "<YOUR_API_KEY>"
client = lb.Client(api_key=API_KEY)
## Option 2: Pass your API key as an environment variable $LABELBOX_API_KEY
# In your terminal:
user@machine:~$ export LABELBOX_API_KEY="<YOUR_API_KEY>"
# In Python:
client = lb.Client()
Manage API keys from the SDK
Create an API key
To create a new API key, provide the following:
name: a descriptive nameuser: an existing user email addressrole: an existing role (one ofclient.get_roles())validityandtime_unit: the duration of the API key using an integer (validity) and aTimeUnitenum (time_unit). Validtime_unitvalues includeTimeUnit.SECOND,TimeUnit.MINUTE,TimeUnit.HOUR,TimeUnit.DAY, andTimeUnit.WEEK.
Duration values can range between:
- minimum `{"validity":1, time_unit: TimeUnit.MINUTE}
- maximum `{"validity":25, time_unit: TimeUnit.WEEK}
api_key_settings = {
"name": "<name>",
"user": "<email>",
"role": "<role>",
"validity": "<validity>",
"time_unit": "<time_unit>"
}
new_token = client.create_api_key(**api_key_settings)
Get API keys
You can list a single API key or all, active or expired, non-revoked API keys:
# Active API keys
active_api_keys = client.get_api_keys()
# All non-revoked API keys
api_keys = client.get_api_keys(include_expired=True)
# Single API key
api_key_id = "<api_key_id>
api_key = client.get_api_key(api_key_id)
# Show expiration datetime
print(f"Expiration date: {api_key.expired_at}")
# Show creator and target user
print(f"Creator: {api_key.created_by.email} - Target user: {api_key.created_for.email}")
Revoke an API key
api_key.revoke()