Manage API Keys
Create, configure, rotate, and revoke your GoldenClaw API keys
Create an API Key
1. Open the API Keys Page
Navigate to your Dashboard → API Keys.
2. Configure the Key
Click Create New Key and set:
- Name — a descriptive label (e.g.,
prod-trading-bot,dev-market-data) - Scopes — select the permissions your key needs (see guide below)
3. Copy Your Key
Your key is shown only once. Copy it immediately and store it in a password manager or environment variable.
One-time visibility
API keys cannot be viewed again after creation. If you lose a key, revoke it and create a new one.
Scope Selection Guide
Choose scopes based on your use case:
| Use Case | Required Scopes |
|---|---|
| Market data + indicators | market:read, indicators:read |
| Portfolio monitoring | market:read, account:read, trade:futures:read |
| Futures trading | market:read, account:read, trade:futures:write |
| Spot trading | market:read, account:read, trade:spot:write |
| Full access (all markets) | All 9 scopes |
Write scopes (trade:spot:write, trade:futures:write, trade:coinm-futures:write) require a Plus or Pro plan. See Authentication for the complete scope reference.
Revoke a Key
- Go to Dashboard → API Keys
- Find the key to revoke
- Click Revoke and confirm
Revocation is immediate. Any requests using the revoked key will return 401 Unauthorized.
Rotate a Key
Best practice — rotate keys periodically to limit exposure:
- Create a new key with the same scopes
- Update your application or MCP config with the new key
- Verify the new key works
- Revoke the old key
Naming Conventions
Use descriptive names that identify environment and purpose:
prod-trading-bot— production trading automationstaging-market-data— staging environment, read-onlydev-testing— local development and testing
This makes it easy to identify which key to revoke if compromised, and which application is consuming requests.