Skip to main content

Where to get a key

Create and manage your API keys at platform.usecroma.com. Sign in, open your organization, and generate a key from the API keys section. The full key is shown only once at creation, so copy it somewhere safe before leaving the page.

Create an API key

Open the Croma platform to mint and manage your organization’s keys.

Bearer scheme

Send your key in the Authorization header using the Bearer scheme:

Organization-scoped keys only

Croma keys are minted for an organization, not an individual user. The API rejects personal keys with 401:
This keeps usage, rate limits, and billing attributed to the org rather than whichever teammate happened to create the key.

Key format

Keys are issued branded as croma_<env>_…. For example, croma_live_… in production and croma_test_… elsewhere. The environment prefix tells you at a glance which deployment a key targets; never use a test key against production data or vice versa.
A key grants full API access for its organization. Store it as a secret (environment variable / secrets manager), never commit it, and rotate it if exposed.

Failed authentication

Every authentication failure returns a 401 with an authentication_error envelope. The code field tells you what went wrong:

Next: Rate limits

How quotas are bucketed and surfaced in every response.