Skip to main content
The API Keys page allows you to generate, view, and revoke API keys for accessing the ActumX API programmatically. Each key provides authenticated access to your account resources.

API Keys List

The main API Keys page displays all your issued keys in a table format:

Table Columns

  • Name - Descriptive name you assigned to the key
  • Prefix - First characters of the API key (e.g., “axk_1234…”)
  • Last Used - Timestamp of most recent API request
  • Status - Badge showing “Active” or “Revoked”
  • Action - Revoke button (for active keys only)

Key Status

API keys can have two statuses:
  • Active (green badge) - Key is valid and can authenticate API requests
  • Revoked (red badge) - Key has been deactivated and cannot be used

Creating New API Keys

Step 1: Navigate to Creation Section

The “Create New Key” card appears at the top of the API Keys page.

Step 2: Enter Key Details

  1. Enter a descriptive name for the key
    • Examples: “Production Key”, “Development”, “CI/CD Pipeline”, “Mobile App”
    • Choose names that help you identify the key’s purpose
  2. Click the “Create” button

Step 3: Save Your API Key

API Key Shown Only OnceThe complete API key is displayed only immediately after creation. You cannot retrieve it again later.
  • Copy the key immediately
  • Store it securely (password manager, environment variables, secrets manager)
  • If lost, you must create a new key
After clicking Create:
  1. Status shows “Creating API key…”
  2. New key appears in a highlighted box
  3. Full API key is displayed (e.g., “axk_1234567890abcdef…”)
  4. Click “Copy” button to copy to clipboard
  5. Status confirms “Latest key copied”

What You Receive

Latest key
axk_1234567890abcdefghijklmnopqrstuvwxyz

[Copy] button

Viewing Key Details

Active Keys Count

The page displays: Active keys: X showing how many keys are currently valid.

Key Prefix

For security, only the first few characters of each key are shown in the list (e.g., “axk_1234…”). This helps you identify keys without exposing the full secret.

Last Used Timestamp

Track when each key was last used to authenticate an API request. This helps identify:
  • Unused keys that can be revoked
  • Keys that may have been compromised
  • Active integrations

Revoking API Keys

When to Revoke

Revoke an API key when:
  • The key may have been compromised or exposed
  • You no longer need the integration
  • Rotating keys as a security best practice
  • Decommissioning an application or service
  • An employee or contractor no longer needs access

Revocation Process

  1. Locate the key in the “Issued Keys” table
  2. Click the “Revoke” button in the Action column
  3. Status updates to “Revoking key…”
  4. Key status changes to “Revoked” (red badge)
  5. Revoke button disappears
Revoked keys cannot be reactivated. You must create a new key if you need access again.

What Happens on Revocation

  • Key immediately stops working for API authentication
  • Any requests using the revoked key will receive 401 Unauthorized errors
  • Key remains visible in the dashboard for audit purposes
  • Active keys count decreases

Using API Keys

Authentication

Include your API key in the Authorization header: 
curl https://api.actumx.ai/v1/agents \
  -H "Authorization: Bearer axk_your_api_key_here"

Environment Variables

Store API keys securely using environment variables: 
export ACTUMX_API_KEY="axk_your_api_key_here"

SDK Configuration

When using the ActumX SDK, provide your API key during initialization: 
import { ActumX } from '@actumx/sdk';

const client = new ActumX({
  apiKey: process.env.ACTUMX_API_KEY
});

Key Management Best Practices

Security

Secure Storage
  • Never commit API keys to version control
  • Use environment variables or secrets managers
  • Rotate keys regularly (every 90 days recommended)
  • Use different keys for different environments
  • Revoke unused or suspicious keys immediately

Organization

Use Descriptive Names Create keys with clear, purposeful names:
  • ✅ “Production Web App”
  • ✅ “Staging Environment”
  • ✅ “GitHub Actions CI”
  • ✅ “Mobile App v2”
  • ❌ “Key 1”
  • ❌ “Test”
Separate Keys per Environment Create different keys for:
  • Development
  • Staging
  • Production
  • CI/CD pipelines
  • Third-party integrations
Track Usage Monitor “Last Used” timestamps to identify:
  • Active integrations
  • Abandoned keys to revoke
  • Potential security issues

API Key Format

ActumX API keys follow this format: 
axk_[random_characters]
  • Prefix: axk_ identifies ActumX API keys
  • Random Characters: Cryptographically secure random string
  • Length: Approximately 40-50 characters total

Troubleshooting

401 Unauthorized Errors

Possible causes:
  • API key is incorrect or has typos
  • Key has been revoked
  • Authorization header is malformed
  • Key is from a different account
Solutions:
  1. Verify the API key is copied correctly
  2. Check key status in dashboard (should be “Active”)
  3. Confirm Authorization header format: Bearer axk_...
  4. Create a new key if the old one is lost

Key Not Working

  1. Check the status is “Active” (not “Revoked”)
  2. Verify you’re using the complete key
  3. Ensure no extra spaces or characters
  4. Try creating a fresh key to test

Lost API Key

If you lost an API key:
  1. You cannot retrieve the original key
  2. Create a new API key
  3. Update your applications with the new key
  4. Revoke the old key

Monitoring and Auditing

Usage Tracking

Monitor API key usage through:
  • Last Used timestamp in the API Keys table
  • Transaction logs showing which key made each request
  • Usage events page for detailed consumption data

Audit Trail

Revoked keys remain visible in the dashboard to maintain an audit trail of:
  • When keys were created
  • When they were last used
  • When they were revoked

API Key Limitations

  • No limit on the number of API keys per account
  • Keys do not expire automatically
  • Each key has full access to your account resources
  • No granular permissions (all keys have same access level)

Next Steps