Skip to main content

Prerequisites

Before creating an API key, make sure you:
  • Have a BabySea account.
  • Are signed in to the dashboard.
  • Can manage the account. In a team workspace, primary-owner and owner can create keys, while member can only view the page.

Step by step

1

Open API keys

Navigate to API keys in the sidebar.
2

Click Create API key

Click Create API key in the top right corner. BabySea opens the dialog Add API key.
3

Fill in Name

Enter a value in the field Name. The current dashboard accepts up to 100 characters.
Example nameUse case
prod-api-workerProduction backend generating images
dev-frontendDevelopment environment
staging-monitorStaging health checks
analytics-readerDashboard that reads usage data
4

Choose Permissions

In the Permissions section, select one of the built-in presets:
PresetDashboard description
Full AccessAll permissions - read, write, delete
Generate OnlyCreate & read generations + browse models
Read OnlyRead generations, account info, health - no spending
Monitor OnlyHealth checks & model catalog - no account data
See Scopes for the full endpoint mapping.
5

Optional - add an IP allowlist

Use the field IP allowlist (optional) if you want the key to work only from specific source IPs. Enter the list as comma-separated values:
203.0.113.10, 198.51.100.5, 2001:db8::1
The helper text under the field is Comma-separated IPs. Leave empty to allow all IPs.Leave the field empty to allow requests from any IP. The current action accepts up to 50 entries.
6

Click Add

Click Add to create the key.
7

Store the key

After creation, BabySea opens the dialog View API key and shows the full secret once:
bye_a1B2c3D4e5F6g7H8i9J0k1L2m3N4o5P6q7R8s9
The dialog includes:
  • the warning text You can only see this key once. Store it safely.
  • Show value and Hide value
  • a copy button
  • The final action Done
Store the key somewhere safe before you close the dialog.
This is the only time the full key is shown. Once you close this dialog, the raw key cannot be retrieved.

Using your key

TypeScript
import { BabySea } from 'babysea';

const client = new BabySea({
  apiKey: process.env.BABYSEA_API_KEY,
  region: 'us',
});

const result = await client.generate('bfl/flux-schnell', {
  generation_prompt: 'A baby seal plays in Arctic',
});

Verify the new key

Before sending generation traffic, verify the key with GET /v1/status. This route requires the account:read scope, so it is included in Full Access and Read Only, but not in Generate Only or Monitor Only.
Terminal
curl https://api.us.babysea.ai/v1/status \
  -H "Authorization: Bearer bye_your_api_key"
If the key is allowed to call the route, BabySea returns the account ID plus the current key metadata, including apikey_name, apikey_prefix, and key timestamps. If you want a quick test for a Generate Only key, send a normal generation request instead.

Store your key securely

Add the key to your .env file (make sure .env is in your .gitignore):
.env
BABYSEA_API_KEY=bye_your_api_key
Then reference it in code:
TypeScript
const client = new BabySea({
  apiKey: process.env.BABYSEA_API_KEY!,
  region: 'us',
});
Never commit API keys to version control, embed them in client side code, or share them in plain text (Slack, email, etc.).

After creation

Your new key appears in the API keys table. From that table, owners can later:
  • Rotate the key to create a replacement key and keep the old key working during the selected grace period.
  • Revoke the key to disable it immediately.
  • Delete the key to permanently remove it and all associated logs.
The table also shows the key prefix, creation time, status, last-used time, and any stored IP allowlist values.