Authentication
Pass your API key and understand key scoping rules.
Authenticate
Section titled “Authenticate”Read BOLTZ_API_KEY from your environment and pass it to your client. For the CLI, sign in with boltz-api auth login. For coding agents, device-code login is usually the most reliable because it does not require the agent sandbox to open a browser.
import osfrom boltz_api import Boltz
client = Boltz(api_key=os.environ["BOLTZ_API_KEY"])boltz-api auth loginimport osfrom boltz_api import Boltz
client = Boltz(api_key=os.environ["BOLTZ_API_KEY"])import Boltz from "boltz-api";
const apiKey = process.env["BOLTZ_API_KEY"];
const client = new Boltz({ apiKey });boltz-api auth login --device-codeboltz-api auth statusOr provide an API key where the agent runtime can read it:
export BOLTZ_COMPUTE_API_KEY="your-api-key"Choose the right key type
Section titled “Choose the right key type”There are two types of API keys. Which one you use depends on what you need to do.
If you need to manage workspaces or query usage
Section titled “If you need to manage workspaces or query usage”Use an admin key. Admin keys are scoped to the organization level and can:
- Create, list, and update workspaces
- Manage API keys for any workspace
- Run jobs across the organization
- Query usage data across the organization
For job endpoints that accept workspace_id, an admin key can target any non-archived workspace in the organization. If workspace_id is omitted, the request uses the default workspace.
If you only need to run jobs
Section titled “If you only need to run jobs”Use a workspace key. Workspace keys are scoped to a single workspace and can only run jobs (predictions, design runs, library screens) on that workspace. If workspace_id is provided, it must match the workspace assigned to the key.
Key scoping summary
Section titled “Key scoping summary”| Capability | Admin key | Workspace key |
|---|---|---|
| Manage workspaces | Yes | No |
| Manage API keys | Yes | No |
| Run jobs | Any workspace in the organization; defaults to the default workspace when workspace_id is omitted | Scoped workspace only |
| Query usage | Yes | No |
Key prefixes
Section titled “Key prefixes”Each key type has a distinct prefix so you can identify it at a glance:
| Prefix | Key type |
|---|---|
sk_bc_admin_live_ | Admin key (live) |
sk_bc_admin_test_ | Admin key (test) |
sk_bc_ws_live_ | Workspace key (live) |
sk_bc_ws_test_ | Workspace key (test) |
The full key is shown only once — at creation time. After that, use the key_prefix field on the API key resource to identify which key you’re looking at.
See Organizations & Workspaces for more on how workspaces and keys relate.