> ## Documentation Index
> Fetch the complete documentation index at: https://docs.sendrealm.com/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys

> Create and manage team-wide and project-scoped API keys

## How API keys work

API keys are team-bound tokens used to authenticate API, SDK, MCP, and SMTP requests. Project API keys are permanently limited to their owning project. Team API keys can authorize selected projects or every current and future project in their team. Every key can also be limited to sending, read-only, or custom permissions. Treat every key as a secret.

## Create a team API key

Use a team API key when an integration needs access to every current and future project in one team:

1. Navigate to **Settings → Team API Keys**.
2. Click **Create Team API Key**.
3. Give your API key a name.
4. Choose the default project used when an integration does not select one explicitly.
5. Choose Full access, Sending, Read-only, or Custom permissions.

## Create a project API key

Use a project API key when credentials should be permanently limited to one project:

1. Select the project in the dashboard.
2. Navigate to **Project API Keys**.
3. Click **Create Project API Key**.
4. Choose Full access, Sending, Read-only, or Custom permissions.

You can edit a project key's name and permissions later without rotating the secret, but its owning project cannot be changed and additional projects cannot be added. Team keys are managed in Settings and should be used for cross-project access. Existing keys retain full access across their team and continue using their original project by default.

| Permission        | Access                                         |
| ----------------- | ---------------------------------------------- |
| `email.send`      | REST and SMTP email sending                    |
| `push.send`       | Push notifications, tests, and Live Activities |
| `events.ingest`   | Production event ingestion                     |
| `resources.read`  | Read project resources                         |
| `resources.write` | Create, update, and delete project resources   |
| `*`               | Full access                                    |

## Select a project

REST requests and the JavaScript SDK use the key's default project unless `X-Sendrealm-Project-Id` is supplied. The selected project must belong to the key's team and be authorized for that key.

```bash theme={null}
curl https://api.sendrealm.com/v1/project \
  -H "Authorization: Bearer $SENDREALM_API_KEY" \
  -H "X-Sendrealm-Project-Id: PROJECT_ID"
```

The project header is optional, so existing integrations and older SDK versions continue to use the key's default project unchanged.
