Link to this sectionAPI Keys#
Ultralytics Platform API keys enable secure programmatic access for remote training, inference, and automation. Create named keys with AES-256-GCM encryption for different use cases.
Link to this sectionCreate API Key#
Create a new API key:
- Go to Settings > API Keys
- Click Create Key
- Enter a name for the key (e.g., "Training Server")
- Click Create Key
Link to this sectionKey Name#
Give your key a descriptive name:
training-server- For remote training machinesci-pipeline- For CI/CD integrationlocal-dev- For local development
Link to this sectionKey Display#
After creation, the key is displayed once:
Copy your key after creation for easy reference. Keys are also visible in the key list — the platform decrypts and displays full key values so you can copy them anytime.
Link to this sectionKey Format#
API keys follow this format:
ul_a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4
- Prefix:
ul_identifies Ultralytics keys - Body: 40 random hexadecimal characters
- Total: 43 characters
Link to this sectionKey Security#
- Keys are stored with AES-256-GCM encryption
- Authentication uses a SHA-256 hash for a fast indexed lookup
- Full key values are never stored in plaintext
Link to this sectionUsing API Keys#
Link to this sectionEnvironment Variable#
Set your key as an environment variable:
export ULTRALYTICS_API_KEY="YOUR_API_KEY"Link to this sectionYOLO CLI#
Set the key using the YOLO CLI:
yolo settings api_key="YOUR_API_KEY"Link to this sectionIn Code#
Use the key in your Python scripts:
import os
# From environment (recommended)
api_key = os.environ.get("ULTRALYTICS_API_KEY")
# Or directly (not recommended for production)
api_key = "YOUR_API_KEY"Link to this sectionHTTP Headers#
Include the key in API requests:
curl -H "Authorization: Bearer YOUR_API_KEY" \
https://platform.ultralytics.com/api/...See the REST API Reference for all available endpoints.
Link to this sectionRemote Training#
Enable metric streaming with your key.
Platform integration requires ultralytics>=8.4.60. Lower versions will NOT work with Platform.
pip install "ultralytics>=8.4.60"export ULTRALYTICS_API_KEY="YOUR_API_KEY"
yolo train model=yolo26n.pt data=coco.yaml project=username/project name=exp1See Cloud Training for the complete remote training guide.
Link to this sectionManage Keys#
Link to this sectionView Keys#
All keys are listed on the Settings > API Keys tab:
Each key card shows the key name, the full decrypted key value (copyable), relative creation time, and a revoke button.
Link to this sectionRevoke Key#
Revoke a key that's compromised or no longer needed:
- Find the key in the API Keys section
- Click the Revoke (trash) button
- Confirm revocation
Revocation is immediate. Any applications using the key will stop working.
Link to this sectionRegenerate Key#
If a key is compromised:
- Create a new key with the same name
- Update your applications
- Revoke the old key
Link to this sectionWorkspace API Keys#
API keys are scoped to the currently active workspace:
- Personal workspace: Keys authenticate as your personal account
- Team workspace: Keys authenticate within the team context
When switching workspaces in the sidebar, the API Keys section shows keys for that workspace. Editor role or higher is required to manage workspace API keys. See Teams for role details.
Link to this sectionSecurity Best Practices#
Link to this sectionDo#
- Store keys in environment variables
- Use separate keys for different environments
- Revoke unused keys promptly
- Rotate keys periodically
- Use descriptive names to identify key purposes
Link to this sectionDon't#
- Commit keys to version control
- Share keys between applications
- Log keys in application output
- Embed keys in client-side code
Link to this sectionKey Rotation#
Rotate keys periodically for security:
- Create new key with same name
- Update applications to use new key
- Verify applications work correctly
- Revoke old key
Consider rotating keys every 90 days for sensitive applications.
Link to this sectionTroubleshooting#
Link to this sectionInvalid Key Error#
Error: Invalid API key
Solutions:
- Verify key is copied correctly (including the
ul_prefix) - Check key hasn't been revoked
- Confirm environment variable is set
- Ensure you're using
ultralytics>=8.4.60
Link to this sectionPermission Denied#
Error: Permission denied for this operation
Solutions:
- Verify you're the resource owner or have appropriate workspace access
- Check the key belongs to the correct workspace
- Create a new key if needed
Link to this sectionRate Limited#
Error: Rate limit exceeded
Solutions:
- Reduce request frequency — see the rate limit table for per-endpoint limits
- Implement exponential backoff using the
Retry-Afterheader - Use a dedicated endpoint for unlimited inference throughput
Link to this sectionFAQ#
Link to this sectionHow many keys can I create?#
There's no hard limit on API keys. Create as many as needed for different applications and environments.
Link to this sectionDo keys expire?#
Keys don't expire automatically. They remain valid until revoked. Consider implementing rotation for security.
Link to this sectionCan I see my key after creation?#
Yes, full key values are visible in the key list on Settings > API Keys. The Platform decrypts and displays your keys so you can copy them anytime.
Link to this sectionAre keys region-specific?#
Keys work across regions but access data in your account's region only.
Link to this sectionCan I share keys with team members?#
Better practice: Have each team member create their own key. For team workspaces, each member with Editor role or higher can create keys scoped to that workspace.