API keys

API keys authenticate requests to the Mistral API and other Mistral tools. In Admin, Organization admins can create, review, rotate, and delete API keys across Workspaces.

Users can also create their own API keys directly in StudioStudioAPI keys. This article focuses on how admins manage API keys from the Admin Console.

API key types

API key types

API keys can be associated with different product surfaces:

TypeUse
StudioStandard API keys for Mistral API usage.
VibeKeys used by Vibe Code.
Mistral CodeLegacy keys for earlier Mistral Code usage.
Create an API key as an admin

Create an API key as an admin

  1. Open Admin ConsoleAPIAPI Keys.
  2. Click Create new key.
  3. Optionally enter a Key name.
  4. Select the Workspace the key belongs to.
  5. Optionally set an Expiration date. Use No expiration date for a key that does not expire automatically.
  6. Choose the Connector access scope.
  7. Click Create new key.
  8. Copy the key immediately.
Avertissement

API keys are confidential and are not shared within your Organization. The full key is shown only once. After you close the dialog, you cannot retrieve it. Store it in a password manager or secrets vault. Do not share it or commit it to version control.

Note

After you create a key, you cannot change its Workspace, Connector access scope, or expiration date. To change those settings, create a new key and delete the old one.

Connector access scope

Connector access scope

Connector access scope controls which Workspace Connectors the key can use.

The default scope is Shared connectors only. Use it when the key needs access only to Connectors shared with the Workspace. Choose a broader scope only when the application needs access to additional Workspace Connectors.

Manage API keys

Manage API keys

Open Admin ConsoleAPIAPI Keys to review API keys.

The key list shows:

  • active and expired keys;
  • key type;
  • Workspace;
  • last used date;
  • expiration date.

From the key list, admins can:

  • rotate a key by creating a new key and deleting the old one;
  • delete a key;
  • identify unused or expired keys.
Review a member's API keys

Review a member's API keys

Admins can also review API keys from a member's User Details panel. The API Keys tab shows the member's keys, their type, the Workspace each key belongs to, when each key was last used, and when each key expires.

Use this view when you need to investigate or clean up keys owned by a specific member. For broader key management, use Admin ConsoleAPIAPI Keys.

Use API keys

Use API keys

Pass the key in the Authorization header:

curl https://api.mistral.ai/v1/chat/completions \
  -H "Authorization: Bearer $MISTRAL_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"model": "mistral-medium-latest", "messages": [{"role": "user", "content": "Hello"}]}'

Or set it as an environment variable for the SDKs:

export MISTRAL_API_KEY="your-api-key"
Workspace scoping

Workspace scoping

API keys are scoped to the Workspace where they were created. Requests made with a key use that Workspace's quota, rate limits, and resources.

To use different keys for different environments, such as development, staging, and production, create separate Workspaces and create a dedicated API key in each Workspace.

Plans

Plans

API keys work in Free mode by default, with usage and rate limits for evaluation and prototyping. To raise your limits with pay-as-you-go billing, upgrade to the Scale plan in Admin ConsoleSubscriptionsBilling.