API Keys

API Keys allow you to programmatically access content on Posit Connect and use the Connect Server API. They are a substitute for logging in to Posit Connect to publish or access content.

API Keys are not associated with any content, and can be used to access any content that the owning user could access while logged in. The best practice is to create a new API Key for each external tool that needs access to content hosted on Posit Connect, and to give each Key a name that helps you identify the tool that uses it. When the tool no longer needs access, or if you cannot trust the Key at any time, you can quickly revoke access by deleting the Key.

Note to administrators

API Keys need to be allowed through an authentication proxy in order to reach Posit Connect. The Proxied Authentication section of the Posit Connect Admin Guide has more information about adding API Key support to your proxy.

To access content with an API Key you must provide an HTTP header whose key is Authorization and value is Key THE_API_KEY. The X-RSC-Authorization header is also accepted in a similar fashion.

All requests to content must be made to the target URL of the published content. You can find the target URL by clicking the “Open Solo” button in the upper-right of the content view. (Note: on narrow screens, the “Open Solo” button might be located in the ... menu in the upper-right of the content view.)

'Open Solo' button.

Creating and Deleting an API Key

To create an API Key, click on the circular picture in the top-right portion of the screen. The picture may have your username next to it if you are viewing Posit Connect on a large screen.

User menu with 'Profile, API Keys, Logout' items.

Click the “API Keys” item in the menu that appears, and you should be taken to the API Keys page.

API Keys page showing no API Keys created.

On the API Keys page, click “New API Key”. You will be prompted to name your API Key.

Dialog titled 'Create API Key' with the name 'my_api_key' entered.

After creating an API Key, you will be shown the key and given an opportunity to put it in a safe location. Once you close the dialog, you will NOT be shown the API Key again. This helps to keep your user account safe.

A created API Key.

If you have lost an API Key, or if you simply don’t need to use the API Key anymore, remove the API Key by clicking the trash bin icon on the far right column of the API Key list.

API Key list showing 'my_api_key' and a trash bin icon.

When you click the trash bin icon, a dialog will ask you to confirm that you want to delete the API Key. Successfully deleting the API Key will show a green status message at the top of the screen.