API Keys
Learn how to create and manage API keys to access the Giselle API programmatically.
This feature is currently in Private Preview. Access is limited to selected users. Features and APIs may change without notice.
You can manage API keys by navigating to Settings > Team > API Keys.
Overview
API keys allow you to access the Giselle API programmatically to run your apps from external applications, scripts, or services. API keys are scoped to your team, meaning all team members share access to the same set of API keys.
Creating an API Key
Navigate to API Keys Settings
Go to Settings > Team > API Keys in the Giselle.
Create a New Key
Click the Create new secret key button to open the creation dialog.
Add a Label (Optional)
Enter a descriptive label for your API key (e.g., "Production Server", "CI/CD Pipeline"). This helps you identify the key's purpose later.
Labels can be up to 128 characters long.
Copy Your API Key
After creation, your API key will be displayed once. Copy it immediately and store it securely.
The full API key is only shown once at creation time. If you lose it, you'll need to create a new key.
API Key Format
API keys follow the format:
gsk_<id>.<secret>For example: gsk_abc123xyz.secret_value_here
When viewing your API keys in the settings, you'll see a redacted version showing only the first few and last few characters (e.g., gsk_abc...xyz).
Managing API Keys
Viewing API Keys
The API Keys page displays all keys for your team with the following information:
- Label: The descriptive name you assigned
- Redacted Value: A shortened version of the key for identification
- Created At: When the key was created
- Last Used At: When the key was last used for an API request
Revoking API Keys
To revoke an API key:
- Navigate to Settings > Team > API Keys
- Find the key you want to revoke
- Click the Revoke button
- Confirm the revocation
Revoking an API key is immediate and permanent. Any applications or services using that key will immediately lose access to the API.
Using API Keys
When making requests to the Giselle API, include your API key in the Authorization header:
curl -X POST https://studio.giselles.ai/api/apps/{appId}/run \
-H "Authorization: Bearer gsk_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{"text": "Your input text"}'For a better developer experience, consider using the Giselle SDK which handles authentication automatically.
Security Best Practices
Rate Limits
API requests are rate-limited based on your team's plan:
| Plan | Requests per Minute |
|---|---|
| Free | 60 |
| Pro | 300 |
| Team | 600 |
| Enterprise | 3,000 |
When you exceed the rate limit, the API returns a 429 Too Many Requests response. Rate limit information is included in response headers:
RateLimit-Limit: Maximum requests allowed per minuteRateLimit-Remaining: Remaining requests in the current windowRateLimit-Reset: Unix timestamp when the rate limit resetsRetry-After: Seconds to wait before retrying (when rate limited)
Troubleshooting
Unauthorized (401) Error
If you receive a 401 error, check that:
- Your API key is correct and complete
- The key hasn't been revoked
- The
Authorizationheader is formatted correctly:Bearer <your_api_key>
Rate Limited (429) Error
If you're being rate limited:
- Check the
Retry-Afterheader for when you can retry - Consider upgrading your plan for higher limits
- Implement exponential backoff in your application
Next Steps
- Learn how to use the Giselle SDK for easier API integration
- Explore the Playground to test your apps before integrating via API