Staso Docs
Platform

API keys

API keys authenticate the SDK to the Staso ingest API. Org-wide or scoped to specific workspaces.

Create

  1. Settings -> API Keys -> New Key in the dashboard.
  2. Name it. Set an optional expiry.
  3. Pick a scope (below).
  4. Copy the raw key immediately — it's shown once and stored as a hash.

The dashboard keeps a key_prefix (first 12 chars) so you can identify a key later without revealing the secret.

Scopes

ScopeWhat it can doUse when
full_orgIngest into any workspace in the org.Single-team orgs.
workspace_scopedIngest only into the workspaces you list.Per-env or per-team keys.

Pick workspace_scoped whenever a key ships to an environment that should not be able to write to other workspaces — for example, a prod deploy key that must never touch staging.

Use the key

st.init(api_key="ak_live_...", workspace_slug="prod")
export STASO_API_KEY=ak_live_...
export STASO_WORKSPACE_SLUG=prod

If workspace_slug is not set, the backend falls back to the key's default workspace.

Rotate

  1. Create a new key with the same scope.
  2. Deploy it alongside the old one (env var swap).
  3. Watch the dashboard — new ingests show up under the new key_prefix.
  4. Deactivate the old key.

No downtime. Clean cutover point in the UI.

Next

Workspaces

Organizations own billing, RBAC, and API keys. Workspaces own the data.

Team and roles

Invite teammates, assign roles, control who can manage keys, workspaces, guards, and datasets.

On this page

API keysCreateScopesUse the keyRotateNext