Skip to main content

API Keys

API keys authenticate the GameFlow CLI and any direct calls to the GameFlow API. One key per organization.

Manage your key from the dashboard at Settings → API Key.

Generating a key

If no key exists, click Generate. The new key is shown in full, copy it immediately.

warning

The key grants full API access to your organization. Treat it like a password, never commit it to source control or expose it in client-side code.

Using your key

After generating, install the CLI and log in:

curl -fsSL https://install.gameflow.gg | sh && \
  gameflow login --api-key <YOUR_API_KEY>

The CLI stores the key locally and uses it for all subsequent commands. For CI/CD, set the key via the --api-key flag or your platform's secret store.

Rotating a key

Click Rotate to issue a new key. The old key is invalidated immediately, so update any CI pipelines, scripts, or gameflow login sessions that depend on it.

Use rotation when:

  • A key may have been exposed.
  • A team member with access leaves.
  • On a regular schedule as part of your security policy.

Deleting a key

Click Delete to permanently revoke the key. No new key is issued; generate a fresh one when you're ready.

After deletion:

  • All CLI sessions using the key stop working.
  • Any automation depending on the key fails until a new key is generated and rotated in.

Where the key fits

  • CLI, gameflow login --api-key … uses it for every subsequent command (builds create, servers allocate, etc.).
  • API, pass the key in the Authorization header when calling endpoints in the API Reference.
  • Dashboard, does not use the API key. The dashboard uses your authenticated session from sign-in.