# General Translation Platform: API keys URL: https://generaltranslation.com/en-US/docs/platform/dashboard/reference/api-keys.mdx --- title: API keys description: Create and manage Project and Organization API keys for apps, local development, and automation. --- API keys authenticate your apps, CLI, and automation with General Translation. Use the narrowest key scope that fits the workflow. ## Key scopes [#key-scopes] GT supports two API key scopes: - **Organization keys** for Organization-level automation. Use them for org-level automation or workflows that need to operate across Projects in the Organization. - **Project keys** for a single Project. Use them for deployed apps, local development, previews, and Project-scoped tooling. Organization keys and Project keys have different creation flows. Project keys are created as production or development keys. Organization keys use a permission selector. ## Create Organization keys [#create-organization-keys] Create Organization keys from **Organization > API Keys**. Organization keys use the `gtx-org-` prefix and can be configured with a custom permission set. Permissions are configured per resource. `Write` includes `Read`. | Resource | Read | Write or enabled | | ----------------------- | ------------------------------------- | ----------------------------------------------------- | | **Files** | Read Project files and translations | Upload source content and write translated files | | **Context** | Read Project and Organization context | Manage context groups, glossary, and directives | | **Runtime translation** | Not applicable | Translate content on demand | | **Translation queue** | Not applicable | Queue file translation jobs for background processing | | **Project settings** | Not applicable | Update Project settings such as the default locale | Grant each key only the permissions it needs. ## Create Project keys [#create-project-keys] Create Project keys from **Project > API Keys**. Copy the full key immediately and store it in environment variables, a secrets manager, or another secure store. - **Production keys** start with `gtx-api-`. - Use them in deployed applications and production automation. Production translations use published content. - **Development keys** start with `gtx-dev-`. - Use them for local development, preview environments, and test automation. Development keys let you test translations before they are published, without affecting your live application. - Do not use development keys in production. In most SDK and CLI workflows, use the key with your Project ID: ```bash GT_API_KEY=gtx-api-... GT_PROJECT_ID=... ``` ## Manage keys [#manage-keys] Use descriptive names so keys are easy to identify later. Open the key list for the Project or Organization to review existing keys. The key list shows: - **Preview**, a truncated version of the key for identification - **Created At**, when the key was generated - **Last Used**, when the key was last used - **Delete**, to revoke a key you no longer need Revoke keys that are no longer used, and create replacements when rotating credentials. ## Security practices [#security-practices] - Never commit keys to source control. - Store keys in environment variables or a secrets manager. - Use separate keys for development, staging, and production. - Rotate keys periodically. - Revoke unused keys. - Prefer the narrowest scope that works for the integration.