API Keys & Scopes
Create API keys with specific permission scopes for programmatic access.
Create keys
octomil keys create deploy-key --scope devices:write
octomil keys create read-only-key --scope models:read
octomil keys create full-access-key --scope devices:write,models:read,models:write
Keys are displayed once at creation time. Store them securely. Lost keys cannot be recovered — create a new one.
Available scopes
| Scope | Description |
|---|---|
devices:write | Register devices, send heartbeats, submit training updates |
devices:read | List and view device details |
models:read | Download models, list model versions |
models:write | Upload models, create versions, manage rollouts |
experiments:read | View experiment results and analytics |
experiments:write | Create and manage experiments |
admin:read | View organization settings and audit logs |
admin:write | Modify organization settings, manage members |
Usage examples
Edge device (hospital workstation, Raspberry Pi) — devices:write so it can register and submit training updates:
export OCTOMIL_API_KEY=octomil_dk_...
octomil pair ABC123
CI pipeline — models:read to pull models for testing:
export OCTOMIL_API_KEY=octomil_ro_...
octomil pull radiology-v1 --version 2.0.0 --format onnx
Deploy pipeline — models:write to push and deploy:
export OCTOMIL_API_KEY=octomil_fa_...
octomil push ./converted --model-id radiology-v1 --version 3.0.0
octomil deploy radiology-v1 --version 3.0.0 --rollout 10%
Dashboard
Manage keys at Settings > API keys.
Related
- Enterprise Onboarding — create keys as part of org setup
- Device Token Lifecycle — how device tokens work with scoped keys