
API Keys

Create, manage, and revoke API keys for your UploadKit project.

API keys authenticate requests to the UploadKit REST API and SDK. Each project has its own keys, and keys come in two environments: live and test.

Key types

| Type | Prefix | Use case |
| --- | --- | --- |
| Live | uk_live_ | Production — real uploads, counted against quota |
| Test | uk_test_ | Development and CI — sandbox, no quota impact, files purged after 24h |

Always use a test key during development. Switch to a live key only when deploying to production.

Creating an API key

  1. Navigate to API Keys in the sidebar
  2. Click Create Key
  3. Give the key a descriptive name (e.g., "Production Server", "GitHub Actions CI")
  4. Select Live or Test
  5. Click Create

Copy the key now. The full plaintext key is shown only once immediately after creation. After you close the dialog, only a masked version (uk_live_xxx...xxx) is stored — UploadKit cannot recover or display the key again.

Key display

After creation, keys are displayed in masked form:

uk_live_xxx...xxxabc

The first few and last few characters are shown for identification. You can use this to confirm which key is in use in your application.

Using API keys in your application

Set the key as an environment variable — never hardcode it:

.env.local
UPLOADKIT_API_KEY=uk_live_xxxxxxxxxxxxxxxxxxxxx

The API key is server-side only — it is never exposed to the browser. The @uploadkitdev/next handler uses this key to authenticate with the UploadKit API. React components communicate through your local /api/uploadkit endpoint without needing the key.
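
As an added example (not part of UploadKit's documentation or SDK), this server-side startup check classifies the configured key by its documented prefix, flags a live key outside production or a key placed in a NEXT_PUBLIC_ variable, and produces a masked form that is safe to log and compare with the dashboard. The function names, the NODE_ENV convention and the three-character tail are assumptions.

```javascript
// Added example, not UploadKit code. Only the uk_live_/uk_test_ prefixes and
// the UPLOADKIT_API_KEY variable name come from the page.
const KEY_PREFIXES = { live: "uk_live_", test: "uk_test_" };

// Classify a key by its documented prefix: "live", "test", or null.
function keyEnvironment(key) {
  if (typeof key !== "string") return null;
  for (const [kind, prefix] of Object.entries(KEY_PREFIXES)) {
    if (key.startsWith(prefix) && key.length > prefix.length) return kind;
  }
  return null;
}

// Log-safe form to compare against the dashboard's masked display.
// Assumption: showing the last 3 characters; the page only says "last few".
function maskKey(key, tail = 3) {
  const kind = keyEnvironment(key);
  if (!kind) return "[no valid key]";
  const secret = key.slice(KEY_PREFIXES[kind].length);
  // Reveal a tail only when the secret is long enough that it leaks little.
  const shown = secret.length >= tail * 4 ? secret.slice(-tail) : "";
  return `${KEY_PREFIXES[kind]}...${shown}`;
}

// Startup check for a Next.js server: returns problems instead of throwing so
// the caller decides whether to abort. `env` is normally process.env.
function checkKeyConfig(env) {
  const problems = [];
  const kind = keyEnvironment(env.UPLOADKIT_API_KEY);
  const production = env.NODE_ENV === "production";
  if (!kind) problems.push("UPLOADKIT_API_KEY is missing or has an unknown prefix");
  if (kind === "live" && !production) problems.push("live key used outside production");
  if (kind === "test" && production) problems.push("test key used in production");
  // Next.js inlines NEXT_PUBLIC_* variables into the browser bundle, so a key
  // stored under such a name is no longer server-side only.
  for (const [name, value] of Object.entries(env)) {
    if (name.startsWith("NEXT_PUBLIC_") && keyEnvironment(value)) {
      problems.push(`${name} exposes an API key to the browser`);
    }
  }
  return { ok: problems.length === 0, masked: maskKey(env.UPLOADKIT_API_KEY), problems };
}

// Constructed sample environment (not a real key).
const sampleEnv = { NODE_ENV: "development", UPLOADKIT_API_KEY: "uk_live_CONSTRUCTEDsampleKEY123" };
console.log(checkKeyConfig(sampleEnv));
```

Run `checkKeyConfig(process.env)` once at server start and log only the `masked` value, never the key itself.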

Copying a key

The dashboard cannot display a key's full value after creation. If the key is still stored in your environment, you can confirm it is the right one by comparing the masked display in the dashboard with your stored value.

If you have lost the key, you must revoke it and create a new one.

Revoking a key

To revoke an API key:

  1. Find the key in the API Keys list
  2. Click the Revoke button (trash icon)
  3. Confirm in the dialog

Revoked keys stop working immediately. Any requests using the revoked key receive a 401 Unauthorized response.

Revoke a key immediately if you suspect it has been exposed (e.g., committed to a public repository, logged in plaintext). Create a replacement key and update your environment variables.

Key limits by tier

| Tier | Max keys per project |
| --- | --- |
| Free | 2 |
| Pro | 10 |
| Team | 50 |
| Enterprise | Unlimited |

If you reach your key limit, revoke unused keys or upgrade your plan.
