API Keys

The WarpStream API allows developers to manage API key permissions directly. This contrasts with the WarpStream console and the WarpStream Terraform provider, where API keys are always exposed as account keys, application keys or agent keys. For more information about this distinction, see Secrets Overview.

API requests to manage API keys must be authenticated with either an account key or an application key. Account keys can create, list, and delete account keys, as well as application keys in any workspace. Application keys can create, list, and delete application keys and agent keys, but only in their respective workspaces. See Workspaces and Access Controls.

API key permissions are represented as access grants. An application key is simply an API key with one set of grants, and an agent key is also just an API key with a different set of grants. Grants are specified when creating new API keys. For details, see the reference to create API keys.