Back
News
November 18th, 2024
minute read

Scoped API Keys Now Live: Secure, Fine-Grained Access Control on Runpod

Brendan McKeag
Brendan McKeag

Heading 1

Heading 2

Heading 3

Heading 4

Heading 5
Heading 6

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.

Block quote

Ordered list

  1. Item 1
  2. Item 2
  3. Item 3

Unordered list

  • Item A
  • Item B
  • Item C

Text link

Bold text

Emphasis

Superscript

Subscript

We've released an expansion to our handling of API keys on Runpod. Previously, you were able to create API keys with read or read and write permissions, but now you can scope keys by endpoint and have more fine-grained control over what your keys allow access to. Here's a TL;DR summary of new features available with the update:

  • View created and last used dates for API keys
  • Disable and re-enable keys as needed
  • Differentiate access levels for endpoint and GraphQL access
  • Allow read/write, read only, or no access to any or all endpoints on a per-endpoint basis

All of your existing keys will continue to function as they have been, so if you don't have a need for the new features, you can keep using your existing keys without issue. If any of this sounds useful to you, read on for the scoop!

Setting Up Your New API Key Permissions

Your keys are in the same spot they have been, under your Settings page. All existing keys have already been migrated and will remain in their legacy format without any additional features, so to begin using the new features you'll need to create some new keys. Any new keys will be created with an rpa_ prefix. You can also enable or disable any key (legacy or not) with the slider.

There are two main level of permissions at play here:

  • GraphQL access - This allows you to create, edit, and delete numerous items associated with your account, including endpoints and pods as described in our GraphQL documentation. Note that this is an extremely powerful level of access - treat it appropriately.
  • Endpoint access - This allows the associated keys access to specific endpoints on a per-key basis, and you can admit or revoke access as you see fit.

Why is this important?

We released this because while API keys are a very powerful feature, they are also a direct link to your account, and by extension your account balance. This is especially true with GraphQL permissions; theoretically a leaked key could allow a user to create pods under your account for nefarious means (e.g. Bitcoin mining for profit on your dime.) No one wants that, so we want to ensure that you have as many options as possible to manage your account's security. We highly suggest you always follow the principle of least privilege when doling out access in general, and most specifically never allow read/write GraphQL access for longer or for more individuals than you absolutely need.

Questions? Feel free to pop on our Discord or ask our support team!

Newly  Features

We've cooked up a bunch of improvements designed to reduce friction and make the.

Create ->
Newly  Features

We've cooked up a bunch of improvements designed to reduce friction and make the.

Create ->
Newly  Features

We've cooked up a bunch of improvements designed to reduce friction and make the.

Create ->
Newly  Features

We've cooked up a bunch of improvements designed to reduce friction and make the.

Create ->
We're officially SOC 2 Type II Compliant
You've unlocked a referral bonus! Sign up today and you'll get a random credit bonus between $5 and $500
You've unlocked a referral bonus!
Claim Your Bonus
Claim Bonus
Blog

Scoped API Keys Now Live: Secure, Fine-Grained Access Control on Runpod

Runpod now supports scoped API keys with per-endpoint access, usage tracking, and on/off toggles. Create safer, more flexible keys that align with the principle of least privilege.

Author
Brendan McKeag
Date
November 18, 2024
Table of contents
TOC
TOC
Share
facebook
x
linkedin
Get started
Scoped API Keys Now Live: Secure, Fine-Grained Access Control on Runpod

We've released an expansion to our handling of API keys on Runpod. Previously, you were able to create API keys with read or read and write permissions, but now you can scope keys by endpoint and have more fine-grained control over what your keys allow access to. Here's a TL;DR summary of new features available with the update:

  • View created and last used dates for API keys
  • Disable and re-enable keys as needed
  • Differentiate access levels for endpoint and GraphQL access
  • Allow read/write, read only, or no access to any or all endpoints on a per-endpoint basis

All of your existing keys will continue to function as they have been, so if you don't have a need for the new features, you can keep using your existing keys without issue. If any of this sounds useful to you, read on for the scoop!

Setting Up Your New API Key Permissions

Your keys are in the same spot they have been, under your Settings page. All existing keys have already been migrated and will remain in their legacy format without any additional features, so to begin using the new features you'll need to create some new keys. Any new keys will be created with an rpa_ prefix. You can also enable or disable any key (legacy or not) with the slider.

There are two main level of permissions at play here:

  • GraphQL access - This allows you to create, edit, and delete numerous items associated with your account, including endpoints and pods as described in our GraphQL documentation. Note that this is an extremely powerful level of access - treat it appropriately.
  • Endpoint access - This allows the associated keys access to specific endpoints on a per-key basis, and you can admit or revoke access as you see fit.

Why is this important?

We released this because while API keys are a very powerful feature, they are also a direct link to your account, and by extension your account balance. This is especially true with GraphQL permissions; theoretically a leaked key could allow a user to create pods under your account for nefarious means (e.g. Bitcoin mining for profit on your dime.) No one wants that, so we want to ensure that you have as many options as possible to manage your account's security. We highly suggest you always follow the principle of least privilege when doling out access in general, and most specifically never allow read/write GraphQL access for longer or for more individuals than you absolutely need.

Questions? Feel free to pop on our Discord or ask our support team!

Blog Posts

Related articles.

View all

What’s New for Serverless LLM Usage in RunPod (2025 Update)

RunPod’s serverless platform continues to evolve—especially for LLM workloads. Learn what’s new in 2025 and how to make the most of fast, scalable deployments.

Run Llama 3.1 405B with Ollama on RunPod: Step-by-Step Deployment Guide

Learn how to deploy Meta’s powerful Llama 3.1 405B model on RunPod using Ollama, and interact with it through a web-based chat UI in just a few steps.

How to Run LTXVideo in ComfyUI on Runpod

LTXVideo by Lightricks is a high-performance open-source video generation package supporting text, image, and video prompting. This guide walks you through installing it in a ComfyUI pod on Runpod, including repo setup, required models, and workflow usage.

Build what’s next.

The most cost-effective platform for building, training, and scaling machine learning models—ready when you are.

Get started ->
Request a demo

You’ve unlocked a
referral bonus!

Sign up today and you’ll get a random credit bonus between $5 and $500 when you spend your first $10 on Runpod.
Claim Your Bonus
We use cookies to provide the content and functionality of this website
Accept
Reject
Cookie Preferences
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Cancel
Save