Manage API keys ↗
noSummary: Create and manage API keys with custom permissions.
Original Documentation
Documentation Index#
Fetch the complete documentation index at: https://docs.pinecone.io/llms.txt Use this file to discover all available pages before exploring further.
Create and manage API keys with custom permissions.
Each Pinecone project has one or more API keys. In order to make calls to the Pinecone API, you must provide a valid API key for the relevant Pinecone project.
This page shows you how to create, view, change permissions for, and delete API keys.
If you use custom API key permissions, ensure that you target your index by host when performing data operations such as upsert and query.
Create an API key#
You can create a new API key for your project, as follows:
Open the Pinecone console.
Select your project.
Go to API keys.
Click Create API key.
Enter an API key name.
Select the Permissions to grant to the API key. For a description of the permission roles, see API key permissions.
Users on the Starter plan can set the permissions to All only. To customize the permissions further, upgrade to the Standard or Enterprise plan.
Click Create key.
Copy and save the generated API key in a secure place for future use.
You will not be able to see the API key again after you close the dialog.
Click Close.
An access token must be provided to complete this action through the Admin API. The Admin API is in public preview.
PINECONE_PROJECT_ID="YOUR_PROJECT_ID"
PINECONE_ACCESS_TOKEN="YOUR_ACCESS_TOKEN"
curl -X POST "https://api.pinecone.io/admin/projects/$PINECONE_PROJECT_ID/api-keys" \
-H "X-Pinecone-Api-Version: 2025-10" \
-H "Authorization: Bearer $PINECONE_ACCESS_TOKEN" \
-d '{
"name": "example-api-key",
"roles": ["ProjectEditor"]
}'
```
```bash
# Target the project for which you want to create an API key.
pc target -o "example-org" -p "example-project"
# Create the API key
pc api-key create -n "example-api-key" --roles ProjectEditor
```
The example returns a response like the following:
```json
{
"key": {
"id": "62b0dbfe-3489-4b79-b850-34d911527c88",
"name": "example-api-key",
"project_id": "32c8235a-5220-4a80-a9f1-69c24109e6f2",
"roles": [
"ProjectEditor"
],
"created_at": "2025-10-20T23:40:27.069075Z"
},
"value": "..."
}
```
```text
ATTRIBUTE VALUE
Name example-api-key
ID 62b0dbfe-3489-4b79-b850-34d911527c88
Value ...
Project ID 32c8235a-5220-4a80-a9f1-69c24109e6f2
Roles ProjectEditor
```
<span class="tab-end"></span>
<span class="tab-group-end"></span>
## View project API keys
You can [view the API keys](/reference/api/latest/admin/list_api_keys) for your project:
<span class="tab-group-start"></span>
<span class="tab-start" data-tab-title="Pinecone console"></span>
1. Open the [Pinecone console](https://app.pinecone.io/organizations/-/projects).
2. Select your project.
3. Go to the **API keys** tab.
You will see a list of all API keys for the project, including their names, IDs, and permissions.
<span class="tab-end"></span>
<span class="tab-start" data-tab-title="Code"></span>
<span class="callout-start" data-callout-type="note"></span>
An [access token](/guides/organizations/manage-service-accounts#retrieve-an-access-token) must be provided to complete this action through the Admin API. The Admin API is in [public preview](/release-notes/feature-availability).
<span class="callout-end"></span>
```bash
PINECONE_PROJECT_ID="32c8235a-5220-4a80-a9f1-69c24109e6f2"
PINECONE_ACCESS_TOKEN="YOUR_ACCESS_TOKEN"
curl -X GET "https://api.pinecone.io/admin/projects/$PINECONE_PROJECT_ID/api-keys" \
-H "Authorization: Bearer $PINECONE_ACCESS_TOKEN" \
-H "X-Pinecone-Api-Version: 2025-10"
```
```bash
PINECONE_PROJECT_ID="32c8235a-5220-4a80-a9f1-69c24109e6f2"
pc api-key list -i $PINECONE_PROJECT_ID
```
The example returns a response like the following:
```json
{
"data": [
{
"id": "62b0dbfe-3489-4b79-b850-34d911527c88",
"name": "example-api-key",
"project_id": "32c8235a-5220-4a80-a9f1-69c24109e6f2",
"roles": [
"ProjectEditor"
],
"created_at": "2025-10-20T23:39:43.665754Z"
},
{
"id": "0d0d3678-81b4-4e0d-a4f0-70ba488acfb7",
"name": "example-api-key-2",
"project_id": "32c8235a-5220-4a80-a9f1-69c24109e6f2",
"roles": [
"ProjectEditor"
],
"created_at": "2025-10-20T23:43:13.176422Z"
}
]
}
```
```text
Organization: example-organization (ID: -NM7af6f234168c4e44a)
Project: example-project (ID: 32c8235a-5220-4a80-a9f1-69c24109e6f2)
API Keys
NAME ID PROJECT ID ROLES
example-api-key 62b0dbfe-3489-4b79-b850-34d911527c88 32c8235a-5220-4a80-a9f1-69c24109e6f2 ProjectEditor
example-api-key-2 0d0d3678-81b4-4e0d-a4f0-70ba488acfb7 32c8235a-5220-4a80-a9f1-69c24109e6f2 ProjectEditor
```
<span class="tab-end"></span>
<span class="tab-group-end"></span>
## View API key details
You can [view the details of an API key](/reference/api/latest/admin/fetch_api_key):
<span class="tab-group-start"></span>
<span class="tab-start" data-tab-title="Pinecone console"></span>
1. Open the [Pinecone console](https://app.pinecone.io/organizations/-/projects).
2. Select your project.
3. Go to the **API keys** tab.
4. In the row of the API key you want to change, in the **Actions** column, click **ellipsis (...) menu > Settings**.
You will see the API key's name, ID, and permissions.
<span class="tab-end"></span>
<span class="tab-start" data-tab-title="Code"></span>
<span class="callout-start" data-callout-type="note"></span>
An [access token](/guides/organizations/manage-service-accounts#retrieve-an-access-token) must be provided to complete this action through the Admin API. The Admin API is in [public preview](/release-notes/feature-availability).
<span class="callout-end"></span>
```bash
PINECONE_API_KEY_ID="62b0dbfe-3489-4b79-b850-34d911527c88"
PINECONE_ACCESS_TOKEN="YOUR_ACCESS_TOKEN"
curl -X GET "https://api.pinecone.io/admin/api-keys/$PINECONE_API_KEY_ID" \
-H "Authorization: Bearer $PINECONE_ACCESS_TOKEN" \
-H "accept: application/json" \
-H "X-Pinecone-Api-Version: 2025-10"
```
```bash
PINECONE_API_KEY_ID="62b0dbfe-3489-4b79-b850-34d911527c88"
pc api-key describe -i $PINECONE_API_KEY_ID
```
The example returns a response like the following:
```json
{
"id": "62b0dbfe-3489-4b79-b850-34d911527c88",
"name": "example-api-key",
"project_id": "32c8235a-5220-4a80-a9f1-69c24109e6f2",
"roles": [
"ProjectEditor"
],
"created_at": "2025-10-22T19:27:21.202955Z"
}
```
```text
ATTRIBUTE VALUE
Name example-api-key
ID 62b0dbfe-3489-4b79-b850-34d911527c88
Project ID 32c8235a-5220-4a80-a9f1-69c24109e6f2
Roles ProjectEditor
```
<span class="tab-end"></span>
<span class="tab-group-end"></span>
## Update an API key
<span class="callout-start" data-callout-type="note"></span>
Users on the Starter plan cannot change API key permissions once they are set. Instead, [create a new API key](#create-an-api-key) or [upgrade to the Standard or Enterprise plan](/guides/organizations/manage-billing/upgrade-billing-plan).
<span class="callout-end"></span>
If you are a [project owner](/guides/projects/understanding-projects#project-roles), you can update the name and roles of an API key:
<span class="tab-group-start"></span>
<span class="tab-start" data-tab-title="Pinecone console"></span>
1. Open the [Pinecone console](https://app.pinecone.io/organizations/-/projects).
2. Select your project.
3. Go to the **API keys** tab.
4. In the row of the API key you want to change, in the **Actions** column, click **ellipsis (...) menu > Settings**.
5. Change the name and/or permissions for the API key as needed.
For information about the different API key permissions, refer to [Understanding security - API keys](/guides/production/security-overview#api-keys).
6. Click **Update**.
<span class="tab-end"></span>
<span class="tab-start" data-tab-title="Code"></span>
<span class="callout-start" data-callout-type="note"></span>
An [access token](/guides/organizations/manage-service-accounts#retrieve-an-access-token) must be provided to complete this action through the Admin API. The Admin API is in [public preview](/release-notes/feature-availability).
<span class="callout-end"></span>
```bash
PINECONE_API_KEY_ID="62b0dbfe-3489-4b79-b850-34d911527c88"
PINECONE_ACCESS_TOKEN="YOUR_ACCESS_TOKEN"
curl -X PATCH "https://api.pinecone.io/admin/api-keys/$PINECONE_API_KEY_ID" \
-H "X-Pinecone-Api-Version: 2025-10" \
-H "Authorization: Bearer $PINECONE_ACCESS_TOKEN" \
-d '{
"name": "new-api-key-name",
"roles": ["ProjectEditor"]
}'
```
```bash
PINECONE_API_KEY_ID="62b0dbfe-3489-4b79-b850-34d911527c88"
# Target the organization that contains the API key.
pc target -o "example-org"
# Update the API key name.
pc api-key update -i $PINECONE_API_KEY_ID -n "new-api-key-name"
```
The example returns a response like the following:
```json
{
"id": "62b0dbfe-3489-4b79-b850-34d911527c88",
"name": "new-api-key-name",
"project_id": "32c8235a-5220-4a80-a9f1-69c24109e6f2",
"roles": [
"ProjectEditor"
],
"created_at": "2025-10-22T19:27:21.202955Z"
}
```
```text
ATTRIBUTE VALUE
Name new-api-key-name
ID 62b0dbfe-3489-4b79-b850-34d911527c88
Project ID 32c8235a-5220-4a80-a9f1-69c24109e6f2
Roles ProjectEditor
```
<span class="tab-end"></span>
<span class="tab-group-end"></span>
## Delete an API key
If you are a [project owner](/guides/projects/understanding-projects#project-roles), you can delete your API key:
<span class="tab-group-start"></span>
<span class="tab-start" data-tab-title="Pinecone console"></span>
1. Open the [Pinecone console](https://app.pinecone.io/organizations/-/projects).
2. Select your project.
3. Go to the **API keys** tab.
4. In the row of the API key you want to change, in the **Actions** column, click **ellipsis (...) menu > Delete**.
5. Enter the **API key name**.
6. Click **Confirm deletion**.
<span class="callout-start" data-callout-type="warning"></span>
Deleting an API key is irreversible and will immediately disable any applications using the API key.
<span class="callout-end"></span>
<span class="tab-end"></span>
<span class="tab-start" data-tab-title="Code"></span>
<span class="callout-start" data-callout-type="note"></span>
An [access token](/guides/organizations/manage-service-accounts#retrieve-an-access-token) must be provided to complete this action through the Admin API. The Admin API is in [public preview](/release-notes/feature-availability).
<span class="callout-end"></span>
```bash
PINECONE_API_KEY_ID="62b0dbfe-3489-4b79-b850-34d911527c88"
PINECONE_ACCESS_TOKEN="YOUR_ACCESS_TOKEN"
curl -X DELETE "https://api.pinecone.io/admin/api-keys/$PINECONE_API_KEY_ID" \
-H "X-Pinecone-Api-Version: 2025-10" \
-H "Authorization: Bearer $PINECONE_ACCESS_TOKEN"
```
```bash
PINECONE_API_KEY_ID="62b0dbfe-3489-4b79-b850-34d911527c88"
# Delete the API key. Use --skip-confirmation to skip
# the confirmation prompt.
pc api-key delete -i $PINECONE_API_KEY_ID
```
The example returns a response like the following:
```text
No response payload
```
```text
[WARN] This operation will delete API key example-api-key from project example-project.
[WARN] Any integrations that authenticate with this API key will immediately stop working.
[WARN] This action cannot be undone.
Do you want to continue? (y/N): y
[INFO] You chose to continue delete.
[SUCCESS] API key example-api-key deleted
```
<span class="tab-end"></span>
<span class="tab-group-end"></span>Link last verified
June 7, 2026.
View original ↗
Source: Pinecone Docs
Link last verified: 2026-03-04