API keys are security credentials required to perform API requests to Modzy. They authenticate and authorize users to access a range of Modzy APIs, such as to deploy models, run jobs, or manage accounts, depending on the roles assigned to them. Roles are explained in detail in our Authorization section.
When a request is sent, Modzy verifies the user’s identity by authenticating the API key. If verified, Modzy processes the request; otherwise, the request fails.
Our API keys are composed of an ID that is split by a dot into two parts: the prefix and the body.
The prefix is the API keys' visible part. It’s unique and it may show up in pages, URIs, and API requests. It’s only used to identify the key and by itself, it’s unable to perform API requests.
The body is the prefix’s complement and it’s required to perform API requests. For security reasons, it’s only sent to the owner, when they get a key’s body. Since it’s not stored on Modzy’s servers, it cannot be recovered. Make sure to save it securely. If lost, you can update the key’s body.
Make sure to keep API keys securely saved. Treat your key’s body like a password and do not share it with others.
To perform API requests to Modzy, you can use your team or project keys. Add the key to the request’s authorization header.
When a Team Administrator invites new users or adds existing users to a team, a team key is created and assigned to them. Teams may have preset permissions that are granted to each member’s API key. These permissions are roles that can change over time and include the ability to deploy models, audit, run jobs, and view results. Users that belong to multiple teams have a team key for each team. When a user is removed from a team, their team key is deleted. Team keys cannot be reassigned to other users and users can only have one team key per team.
Project keys facilitate shared credentials, service accounts, and others. Created when a new project is created, each project has a single project key. They have the PROJECT role, an exclusive, fixed role that can only complete the full job lifecycle. These keys cannot deploy models, audit, or manage accounts. New projects can be created as needed and each user may have many projects.
Team Administrators may invite new users or add existing users to a team. In both cases, a team key is created and assigned to the user. Teams may have preset permissions that are granted to each member’s team key. Also, the Team Administrator may manually set these permissions if they select the team key’s roles.
Any user can create and manage projects. When a project is created, a project key is created and assigned to the project.
If a user is removed from a team:
- their team key is deleted.
- If they join the team again, a new team key is issued.
- If the user created a project before, the project key remains active and is assigned to the team admin user.
If a user’s status is set as inactive:
- their team keys get deactivated.
- their jobs get canceled.
If a user’s status is set as deleted:
- their team keys get deleted.
- their jobs get canceled.
- this status is final and the user and its keys cannot return to the previous status.
Platform Administrators and Team Administrators can reactivate users.