Manage service accounts at the organization-level
Create service accounts for organization-level API access.
This feature is in public preview and available only on Enterprise plans.
This page shows how organization owners can add and manage service accounts at the organization-level. Service accounts enable programmatic access to Pinecone’s Admin API, which can be used to create and manage projects and API keys.
Once a service account is added at the organization-level, it can be added to a project. For more information, see Manage service accounts at the project-level.
Create a service account#
You can create a service account in the Pinecone console:
- Enter a Name for the service account.
- Choose an Organization Role for the service account. The role determines the service account’s permissions within Pinecone.
- Click Create.
- Copy and save the Client secret in a secure place for future use.
  You will not be able to see the client secret again after you close the dialog.
- Click Close.
Once you have created a service account, add it to a project to allow it access to the project’s resources.
Retrieve an access token#
To access the Admin API, you must authenticate with an access token. Retrieve the access token using the client secret of a service account, which was provided at the time of creation.
You can retrieve an access token for a service account from the https://login.pinecone.io/oauth/token endpoint, as shown in the following example:
    # Note: Base URL is login.pinecone.io
    curl "https://login.pinecone.io/oauth/token" \
      -H "X-Pinecone-Api-Version: 2025-10" \
      -H "Content-Type: application/json" \
      -d '{
        "grant_type": "client_credentials",
        "client_id": "YOUR_CLIENT_ID",
        "client_secret": "YOUR_CLIENT_SECRET",
        "audience": "https://api.pinecone.io/"
      }'

The response will include an access_token field, which you can use to authenticate with the Admin API.
    {
      "access_token": "YOUR_ACCESS_TOKEN",
      "expires_in": 86400,
      "token_type": "Bearer"
    }

Change a service account’s role#
You can change a service account’s role in the Pinecone console:
- Go to Settings > Access > Service accounts.
- In the row of the service account you want to update, click ellipsis (…) menu > Manage.
- Select an Organization role for the service account.
- Click Update.
Update service account name#
You can change a service account’s name in the Pinecone console:
- Go to Settings > Access > Service accounts.
- In the row of the service account you want to update, click ellipsis (…) menu > Manage.
- Enter a new Service account name.
- Click Update.
Rotate a service account’s secret#
You can rotate a service account’s client secret in the Pinecone console:
- In the row of the service account you want to update, click ellipsis (…) menu > Rotate secret.
- Enter the service account name to confirm.
- Click Rotate client secret.
- Copy and save the Client secret in a secure place for future use.
  You will not be able to see the client secret again after you close the dialog.
- Click Close.
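Because the client secret is shown only once and can later be rotated, a client is easier to operate when it loads the secret from configuration and caches the token for its `expires_in` lifetime. The following is an added example, not Pinecone's code: it sends the token request shown under "Retrieve an access token", and the environment variable names, the 300-second refresh margin, and the class and function names are assumptions.

```python
import json
import os
import time
import urllib.request

TOKEN_URL = "https://login.pinecone.io/oauth/token"  # values below are from the page
AUDIENCE = "https://api.pinecone.io/"
API_VERSION = "2025-10"


def http_post_json(url, headers, body):
    """Default transport: POST a JSON body over HTTPS and decode the JSON reply."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class ServiceAccountToken:
    """Fetches the access token and reuses it until shortly before it expires."""

    def __init__(self, client_id, client_secret, post=http_post_json,
                 clock=time.monotonic, skew=300):
        self._id, self._secret = client_id, client_secret
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._deadline = None, 0.0

    @classmethod
    def from_env(cls, env=os.environ, **kwargs):
        # Assumed variable names; the secret stays out of source and shell history.
        return cls(env["PINECONE_CLIENT_ID"], env["PINECONE_CLIENT_SECRET"], **kwargs)

    def __repr__(self):  # keep the secret and token out of logs and tracebacks
        return f"ServiceAccountToken(client_id={self._id!r}, client_secret=<redacted>)"

    def get(self):
        if self._token is None or self._clock() >= self._deadline:
            reply = self._post(
                TOKEN_URL,
                {"X-Pinecone-Api-Version": API_VERSION, "Content-Type": "application/json"},
                {"grant_type": "client_credentials", "client_id": self._id,
                 "client_secret": self._secret, "audience": AUDIENCE})
            if reply.get("token_type") != "Bearer" or not reply.get("access_token"):
                raise ValueError("unexpected token response")
            self._token = reply["access_token"]
            self._deadline = self._clock() + max(0, int(reply["expires_in"]) - self._skew)
        return self._token

    def auth_header(self):
        return {"Authorization": f"Bearer {self.get()}"}
```

After rotating the secret in the console, update the stored value and restart the client; no code change is needed.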
Delete a service account#
Deleting a service account will remove it from all projects and will disrupt any applications using it to access Pinecone. You can delete a service account in the Pinecone console:
- Go to Settings > Access > Service accounts.
- In the row of the service account you want to update, click ellipsis (…) menu > Delete.
- Enter the service account name to confirm.
- Click Delete service account.