> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mobilerun.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys

> Create and manage API keys for programmatic access to the Mobilerun API.

The API Keys tab allows you to generate and manage authentication keys for accessing the Mobilerun API. Use API keys to integrate Mobilerun into your applications, CI/CD pipelines, and automation workflows.

## Overview

API keys provide:

* Authentication for API requests
* Programmatic access to all Mobilerun features
* Integration with external tools and services

## Creating an API Key

To generate a new API key:

1. Click **Create API Key**
2. Enter a descriptive name for the key (e.g., "CI Pipeline", "Production Server")
3. Click **Create**
4. Copy the generated key immediately

<Warning>
  API keys are only displayed once at creation. Store your key securely as you will not be able to view it again.
</Warning>

<Info>
  Mobilerun cloud keys always start with the prefix **`dr_sk_`**. Pass the full key, including the prefix, as a bearer token in the form `Authorization: Bearer dr_sk_...`. This is a different credential from your LLM provider keys such as `GOOGLE_API_KEY` or `OPENAI_API_KEY`, which are only used by the local [Framework](/framework/quickstart). See [the two kinds of API keys](/quickstart#two-kinds-of-api-keys) for guidance on when to use each one.
</Info>

## Managing API Keys

Your API key list displays:

| Field         | Description                            |
| ------------- | -------------------------------------- |
| **Name**      | The descriptive name you assigned      |
| **Created**   | When the key was generated             |
| **Last Used** | Most recent API request using this key |

### Revoke Keys

Delete API keys that are no longer needed or may have been compromised. Revoked keys immediately stop working for all API requests.

<Info>
  Revoking a key cannot be undone. You will need to create a new key and update any integrations that used the old key.
</Info>

## Using API Keys

Include your API key in the request headers when calling the Mobilerun API:

```bash theme={null}
curl -X POST https://api.mobilerun.ai/v1/tasks \
  -H "Authorization: Bearer dr_sk_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"task": "Open Settings app", "llmModel": "mobilerun/mobile-agent-fast"}'
```

<Tip>
  If you are new to the API, the [Cloud Quickstart](/cloud/quickstart) walks through the full flow in TypeScript, Python, and cURL. It covers finding a device, running a task, and reading the result.
</Tip>

### Authentication Header

All API requests require the `Authorization` header:

```
Authorization: Bearer dr_sk_YOUR_API_KEY
```

## API Documentation

The complete API reference is available via OpenAPI specification. Access the full documentation to explore all available endpoints:

* **Tasks** - Create, monitor, and manage agent tasks
* **Devices** - List and manage your devices
* **Apps** - Upload and install applications
* **Credentials** - Manage stored credentials
* **Hooks** - Configure webhooks for task events

<Card title="API Reference" icon="code" href="/api-reference/tasks/run-task">
  View the complete API documentation with request/response schemas and examples.
</Card>

## Best Practices

| Practice                  | Description                                                               |
| ------------------------- | ------------------------------------------------------------------------- |
| **Use descriptive names** | Name keys by their purpose (e.g., "GitHub Actions", "Monitoring Service") |
| **Separate environments** | Create distinct keys for development, staging, and production             |
| **Rotate periodically**   | Generate new keys and revoke old ones on a regular schedule               |
| **Limit exposure**        | Store keys in environment variables or secret managers, never in code     |
| **Monitor usage**         | Check the "Last Used" timestamp to identify inactive keys                 |

## Environment Variables

Store your API key as an environment variable rather than hardcoding it:

```bash theme={null}
export MOBILERUN_API_KEY="your_api_key_here"
```

Then reference it in your code or scripts:

```bash theme={null}
curl -X POST https://api.mobilerun.ai/v1/tasks \
  -H "Authorization: Bearer $MOBILERUN_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"task": "Open Settings app", "llmModel": "mobilerun/mobile-agent-fast"}'
```
