Managing API Keys

What API keys are for

API keys let scripts and external tools talk to the panel on your behalf without using your password or 2FA code. Use a key for things like:

  • Automating server provisioning from a CI/CD pipeline.
  • Pulling service status into a custom dashboard.
  • Triggering snapshots or restarts from a cron job.

Creating a key

  1. Open your profile menu and choose API Keys.
  2. Click Create Key.
  3. Give the key a descriptive name (e.g. "deploy-bot") so you can identify it later.
  4. Choose the permissions the key should carry — only grant what the script actually needs.
  5. Copy the key value immediately. It is shown once and never again.

Using a key

Send the key as a Bearer token on every request:

curl -H "Authorization: Bearer YOUR_KEY" \
     https://panel.sableservers.com/api/v1/services

Rotating & revoking

  • If a key leaks, click Revoke on it immediately. Existing requests stop working within seconds.
  • Rotate keys at least once a year — create a new one, update your scripts, then revoke the old.
  • If you no longer need a key (e.g. a project ended), revoke it. There is no penalty for keeping the list tidy.
Never commit API keys to a public Git repository. Use environment variables or a secret manager. If a key has been pushed publicly, revoke it before doing anything else — bots scrape GitHub within minutes.
Back to Knowledge Base