Appearance
API Keys
Pro & EnterpriseAPI key management requires a Pro or Enterprise subscription.
Compare plansAPI keys authenticate requests to the Layota embed and public API.
Key Types
| Type | Use case |
|---|---|
| Read | Embed, SDK, public API — read-only access |
| Write | REST API — project management |
All keys look the same on the wire — sk_ followed by 64 hex characters. The type is chosen when the key is created and shown next to the key prefix in the dashboard.
Creating Keys
- Go to Dashboard → API Keys
- Click Create Key
- Select the key type (Read or Write)
- Copy the key — it's only shown once
Using Read Keys
Read keys are required when Allowed Domains are configured.
Web component:
html
<script src="https://layota.app/embed.js"></script>
<layota-map
src="https://layota.app/embed/PROJECT_ID?apiKey=sk_..."
style="width: 100%; height: 600px;"
></layota-map>iframe:
html
<iframe src="https://layota.app/embed/PROJECT_ID?apiKey=sk_..."></iframe>SDK:
typescript
const map = new LayotaMap({
container: '#map',
projectId: 'PROJECT_ID',
apiKey: 'sk_...',
})Using Write Keys
Write keys are used with the REST API for server-to-server access:
bash
curl -H "Authorization: Bearer sk_..." \
https://layota.app/api/projects/DANGER
Never expose write keys in client-side code. Use them only on your backend server.
Revoking Keys
Delete a key from Dashboard → API Keys. Revocation is immediate — existing embeds using that key will stop working.