# About API Keys

API keys authenticate requests to Treasure AI's REST APIs and are required for programmatic access, automations, and workflow operations.

## API Key Types

Treasure AI provides two types of API keys:

**Master API key**
Grants full operational access matching your user permission level.

Keep your Master key secure—Master keys provide both read and write access, so anyone who obtains it could access, corrupt, or delete your data. Never share or expose a Master key.

**Write-only API key**
Grants restricted access limited to data ingestion. Use this key when embedding credentials in third-party tools or ingestion libraries to minimize security risk.

New users receive one of each key type by default. You can generate additional keys or revoke existing ones from the API Keys portal.

## Scope and Applicability

- API key expiration applies to **all customer-visible API keys**, including both Master and Write-only keys.
- Internal API keys are **not** affected by expiration policies.
- Existing workflows, automations, or integrations using an API key will **fail** if the key expires. Users are responsible for replacing expired keys in their applications before expiration.


## Learn More

- [API Key Expiration Policy](/ja/products/control-panel/security/api-key/api-key-expiration-policy) — Configure key rotation and lifespan settings.
- [Configuring Expiration Reminders](/ja/products/control-panel/security/api-key/configuring-expiration-reminders) — Set up automated notifications before keys expire.
- [Manually Expiring API Keys](/ja/products/control-panel/security/api-key/manually-expiring-api-keys) — Immediately deactivate a key without deleting it.


## Related Resources

- [Accessing REST APIs](/ja/products/control-panel/security/accessing-rest-apis)
- [Audit Logs](/ja/products/control-panel/security/auditlogs/audit-logs)
- [Users and Roles](/ja/products/control-panel/security/users)
- [Policies](/ja/products/control-panel/security/policies)