API keys

RemoteGPU API keys are used for two main purposes:

calling inference APIs with x-api-key
refreshing Kubernetes exec credentials for kubectl

Console account management APIs do not use API keys. They use your signed-in browser session.

Where to manage keys

Open Settings / API Keys in the console to:

create keys
rename keys
change expiry
change scopes
revoke keys

The raw key value is returned only when the key is created. After that, the API and console only expose its prefix.

Scope shapes

There are three supported scope modes.

All access

all

{
  "all": true
}

Use this when one key should work for both inference and Kubernetes flows.

Inference only

{
  "inference": true
}

Use this for image generation clients that should not be able to refresh Kubernetes credentials.

Kubernetes exec only

Namespace-scoped:

{
  "kubernetes_exec": {
    "namespace_ids": [
      "YOUR_NAMESPACE_UUID"
    ]
  }
}

All namespaces owned by the current account:

{
  "kubernetes_exec": {
    "all_namespaces": true
  }
}

Use this for kubectl access without granting inference APIs.

Invalid scope combinations

Mixed explicit inference plus namespace-scoped Kubernetes access is not a valid payload. Use {"all": true} when you want both.

These payloads are rejected:

{}
At least one explicit scope is required
{"inference": true, "kubernetes_exec": {...}}
Explicit mixed scopes are not supported
{"all": true, "inference": true}
all cannot be combined with other scope fields
{"kubernetes_exec": {"namespace_ids": []}}
At least one namespace ID is required unless all_namespaces is true

Namespace ownership rules

kubernetes_exec.namespace_ids must reference namespaces owned by the current account. If you include someone else's namespace, creation or update is rejected with 400.

Header format

APIs expect the key in the x-api-key header:

curl -H "x-api-key: YOUR_API_KEY" \
  "https://api.remotegpu.ai/v1/inference/runtime/models"

Example inference request:

curl -X POST "https://api.remotegpu.ai/v1/inference/image" \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_API_KEY" \
  -d '{
    "model": "black-forest-labs/FLUX.1-dev",
    "prompt": "a cinematic portrait of an astronaut cat"
  }'

Kubernetes kubeconfig refresh also uses x-api-key, but it is normally handled for you by the generated kubeconfig exec plugin.

Common use cases

Inference-only client integration
Namespace-scoped kubectl access
Broad admin automation with all scopes

Lifecycle rules

Key names are limited to 64 characters
Expiration must be in the future
Revoked keys cannot be modified
Expired keys cannot be modified
Creating a key can fail with 409 if your account has reached its active key limit

Common responses

401 Missing access token when managing keys from account APIs
401 Missing, invalid, revoked, or expired API key when calling key-protected APIs
400 Invalid scope payload, invalid namespace ownership, or past expiration
404 API key not found
409 Revoked or expired keys cannot be modified

GET /v1/account/api-keys
POST /v1/account/api-keys
PATCH /v1/account/api-keys/{key_id}
POST /v1/account/api-keys/{key_id}/revoke

Where to manage keys​

Scope shapes​

All access​

Inference only​

Kubernetes exec only​

Invalid scope combinations​

Namespace ownership rules​

Header format​

Common use cases​

Lifecycle rules​

Common responses​

Related APIs​