> ## Documentation Index
> Fetch the complete documentation index at: https://docs.labelbox.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Labelbox API key
> Shows how to create an API key that lets apps and other services access Labelbox APIs and endpoints.
Labelbox authenticates API requests using **API keys**, which grant access to the Python SDK and can also authorize third-party integrations, such as cloud providers. Depending on your [roles and permissions](/docs/roles-and-permissions), you can create, view, delete, and distribute API keys as needed.
API keys serve as access credentials to Labelbox on your behalf. Treat them with the same level of care as other sensitive credentials.
### API keys of disabled accounts
API keys are tied to user accounts. If a user account is disabled, all API keys associated with that account are also disabled.
## Create a new API key
To create a new API key:
1. On the Labelbox [home](https://app.labelbox.com/home) page, click **Create API key**.
2. On the **Create new API key** prompt:
* Enter a descriptive **name**.
* Add a **validity** time period. The max value is 6 months.
* Select a role for the scope of access [permissions](/docs/roles-and-permissions).
* Click **Create** to complete the setup.
3. Your new key is displayed in the **API key created** prompt. Click the **Copy** icon next to the API key to copy the key to the clipboard. It's strongly recommended to save your new key in a safe location.
4. Click **Done** to close the prompt. After closing the prompt, you won’t be able to retrieve the key.
## View and delete API keys
Go to **Workplace Settings** → [API keys](https://app.labelbox.com/workspace-settings/api-keys) to view and delete existing API keys. To delete an API key, locate the key you wish to delete, open the context menu, and click **Delete**.
Once an API key is deleted, it can no longer authenticate API requests. Any app, script, or service using the key loses access to Labelbox. To minimize disruptions, we recommend not deleting keys until you've created and replaced them with new ones.
## Guidelines and best practices
For each active Labelbox account:
* API keys access to your Labelbox account and data. Treat API keys like passwords and other credentials.
* The value of an API key can only be retrieved once from the **API key created** prompt when the key is first created.
* If you lose the value of your API key (or cannot determine how it's being used), delete it and create a new one.
## Client
The Labelbox Client is essential for all SDK workflows. It connects to a Labelbox server with your authentication API key and provides functions for querying and creating data assets.
## Instantiate Labelbox Client
Use the API key to connect to the Labelbox client:
```python Python theme={null}
import labelbox as lb
## Option 1: List API_KEY in your Python script
API_KEY = ""
client = lb.Client(api_key=API_KEY)
## Option 2: Pass your API key as an environment variable $LABELBOX_API_KEY
# In your terminal:
user@machine:~$ export LABELBOX_API_KEY=""
# In Python:
client = lb.Client()
```
## Manage API keys from the SDK
### Create an API key
To create a new API key, provide the following:
* `name`: a descriptive name
* `user`: an existing user email address
* `role`: an existing role (one of `client.get_roles()`)
* `validity` and `time_unit`: the duration of the API key using an integer (`validity`) and a `TimeUnit` enum (`time_unit`). Valid `time_unit` values include `TimeUnit.SECOND`, `TimeUnit.MINUTE`, `TimeUnit.HOUR`, `TimeUnit.DAY`, and `TimeUnit.WEEK`.
Duration values can range between:
* minimum `{"validity":1, time_unit: TimeUnit.MINUTE}`
* maximum `{"validity":25, time_unit: TimeUnit.WEEK}`
```python Python theme={null}
api_key_settings = {
"name": "",
"user": "",
"role": "",
"validity": "",
"time_unit": ""
}
new_token = client.create_api_key(**api_key_settings)
```
### Get API keys
You can list a single API key or all, active or expired, non-revoked API keys:
```python Python theme={null}
# Active API keys
active_api_keys = client.get_api_keys()
# All non-revoked API keys
api_keys = client.get_api_keys(include_expired=True)
# Single API key
api_key_id = ""
api_key = client.get_api_key(api_key_id)
# Show expiration datetime
print(f"Expiration date: {api_key.expired_at}")
# Show creator and target user
print(f"Creator: {api_key.created_by.email} - Target user: {api_key.created_for.email}")
```
### Revoke an API key
```python Python theme={null}
api_key.revoke()
```