Overview
API keys are the primary way to authenticate with ACN. Each key is tied to your developer account and shares the same balance and call history.Creating a Key
From the Dashboard
- Go to app.acn.exchange
- Navigate to Settings → API Keys
- Click Create New Key
- Give it a descriptive name (e.g., “Production Agent”, “Dev Testing”)
- Copy the key immediately — it won’t be shown again
Via API
Key Format
acn_sk_ prefix helps with:
- Identifying ACN keys in logs
- Secret scanning tools (GitHub, GitGuardian) can flag leaked keys
- Quick visual identification
Rotating Keys
Best practice is to rotate keys periodically:- Create a new key with a descriptive name
- Update your agent/application to use the new key
- Verify the new key works
- Revoke the old key
Security Best Practices
Use separate keys per environment
Use separate keys per environment
Create different keys for development, staging, and production. This way, revoking a dev key doesn’t affect production.
Store keys in environment variables
Store keys in environment variables
Use a secrets manager in production
Use a secrets manager in production
For production deployments, use AWS Secrets Manager, Google Secret Manager, Azure Key Vault, or similar. Inject keys at runtime, not build time.
Monitor key usage
Monitor key usage
Check the
last_used_at field on your keys. If a key hasn’t been used in a while, consider revoking it.Respond to leaks immediately
Respond to leaks immediately
If a key is accidentally exposed:
- Revoke it immediately from the dashboard
- Create a new key
- Update all services using the old key
- Review call history for unauthorized usage