Docs Menu
Docs Home
/ /
Atlas App Services
/ /

API Key Authentication

On this page

  • Overview
  • Enable API Key Authentication
  • API Key User Objects
  • Server API Keys
  • Create a Server API Key
  • User API Keys
  • Realm SDK Examples
  • Log In With an API Key
  • Create a User API Key

The API Key authentication provider allows users to log in using generated keys.

App Services supports the following two types of API keys:

  • Server API keys: API keys associated with server users that is created from the App Services CLI, API or UI.

  • User API keys: API keys created from the Realm SDKs associated with application users.

API keys do not expire automatically.

To work with API key users, you must first enable the API key authentication provider. The API Key authentication provider does not have any configuration options.

Every App Services user has a unique metadata object. The object is passed to Functions called by the user and rule expressions for requests made by the user. In API key user objects, the type field has the value "server". For example:

id: "<Unique User ID>",
type: "server",
data: <user data object>,
custom_data: <custom user data object>,
identities: <array of user identities>,

You can use this field to evaluate if requests come from API keys.

For more information, refer to User Objects.

Server API keys are generated in a server-side context using one of the App Services CLI, API or UI. When you create a server API key, you also create an associated server user.

You can provide a server key to external applications and services to allow them to authenticate directly with App Services.

You can associate up to 100 server API keys with an app.

You must enable the API key provider before you can create an API key.


You must copy the server key's value as soon as you create it. Once you create the API key, you can no longer retrieve it.

You can generate user API keys with the Realm SDKs. Each user API Key is associated with a single non-anonymous user. Each user can associate up to 20 user API keys with their account. Once the key is associated with a user account, the user can use the key to authenticate. The following diagram shows how to create, and then use, a User API Key:

User API Key flow diagram

To learn how to generate user API keys, refer to the Realm SDK documentation.

For code examples that demonstrate how to register and log in using API Key authentication, see the documentation for the Realm SDKs.

The Realm SDK can log in with an existing server or user API key.

The Realm SDK can create a new user API key for an existing user account.

← Anonymous