# API Keys Use this page when you need to create a Luxonis Hub API key and use it safely from your own backend or server-side tooling. Hub API keys are backend-only secrets with full team access. > **Backend-only secret** > Keep Hub API keys in your backend or server-side tooling only. Do not expose them in browser code, mobile apps, public repositories, or other client-side environments. ## Create an API key You can create API keys in the Luxonis Hub web UI: 1. Navigate to [Team Settings](https://hub.luxonis.com/team-settings) 2. Click the Create API Key button ## Use a key from your backend Use your API key by including it in the Authorization header with the Bearer prefix when your backend calls Luxonis Hub APIs. The most common pattern is: 1. Your customer-facing app authenticates to your own backend. 2. Your backend stores the Hub API key securely. 3. Your backend calls Hub APIs on behalf of your product workflow. 4. Your frontend receives only the derived payload it needs. ```bash curl -X POST https://api.cloud.luxonis.com/graphql \ -H "Authorization: Bearer tapi._R06IFhNCIZ_Sgj505i9Ow.ca_8I5JbY...r-coSA" \ -H "Content-Type: application/json" \ -d '{ "query": "query { team { devices { nodes { id name } } } }" }' ``` For GraphQL control-plane requests, use the public team { ... } surface described in [About GraphQL](https://docs.luxonis.com/cloud/api/graphql.md). ## Related docs ### Integration Architecture See the recommended customer frontend, customer backend, and Hub control-plane split. [Integration Architecture](https://docs.luxonis.com/cloud/api/guides/integration-architecture.md) ### About GraphQL Build GraphQL requests against the public Hub control API. [About GraphQL](https://docs.luxonis.com/cloud/api/graphql.md) ### Models API Use the separate models API for advanced model registry and conversion automation. [Models API](https://docs.luxonis.com/cloud/api/reference/models-api.md) ### Snaps in DepthAI Send snaps and related data to Luxonis Hub from DepthAI applications. [Snaps in DepthAI](https://docs.luxonis.com/software-v3/depthai/tutorials/snaps.md) ## FAQ To revoke an API key, please contact support at support@luxonis.com. This functionality will be available in the UI in the future. If you need revocation support sooner, include the affected team and key details in your request so the team can help you faster. API keys have admin/full access to your account, including the ability to manage devices, applications, and all other team resources. Restricting API key permissions is a planned feature for 2026. Currently, all API keys have full admin access to your team's resources. If scoped permissions are important for your workflow today, contact support@luxonis.com and describe the access model you need. Viewing existing API keys is a planned feature. For now, ensure you securely store your API keys when you create them.