API keys
API keys authenticate requests to the Mistral API and other Mistral tools. In Admin, Organization admins can create, review, rotate, and delete API keys across Workspaces.
Users can also create their own API keys directly in Studio›Studio›API keys ↗. This article focuses on how admins manage API keys from the Admin Console.
API key types
API keys can be associated with different product surfaces:
| Type | Use |
|---|---|
| Studio | Standard API keys for Mistral API usage. |
| Vibe | Keys used by Vibe Code. |
| Mistral Code | Legacy keys for earlier Mistral Code usage. |
Create an API key as an admin
- Open Admin Console›API›API Keys ↗.
- Click Create new key.
- Optionally enter a Key name.
- Select the Workspace the key belongs to.
- Optionally set an Expiration date. Use No expiration date for a key that does not expire automatically.
- Choose the Connector access scope.
- Click Create new key.
- Copy the key immediately.
API keys are confidential and are not shared within your Organization. The full key is shown only once. After you close the dialog, you cannot retrieve it. Store it in a password manager or secrets vault. Do not share it or commit it to version control.
After you create a key, you cannot change its Workspace, Connector access scope, or expiration date. To change those settings, create a new key and delete the old one.
Connector access scope
Connector access scope controls which Workspace Connectors the key can use.
The default scope is Shared connectors only. Use it when the key needs access only to Connectors shared with the Workspace. Choose a broader scope only when the application needs access to additional Workspace Connectors.
Manage API keys
Open Admin Console›API›API Keys ↗ to review API keys.
The key list shows:
- active and expired keys;
- key type;
- Workspace;
- last used date;
- expiration date.
From the key list, admins can:
- rotate a key by creating a new key and deleting the old one;
- delete a key;
- identify unused or expired keys.
Review a member's API keys
Admins can also review API keys from a member's User Details panel. The API Keys tab shows the member's keys, their type, the Workspace each key belongs to, when each key was last used, and when each key expires.
Use this view when you need to investigate or clean up keys owned by a specific member. For broader key management, use Admin Console›API›API Keys ↗.
Use API keys
Pass the key in the Authorization header:
curl https://api.mistral.ai/v1/chat/completions \
-H "Authorization: Bearer $MISTRAL_API_KEY" \
-H "Content-Type: application/json" \
-d '{"model": "mistral-medium-latest", "messages": [{"role": "user", "content": "Hello"}]}'Or set it as an environment variable for the SDKs:
export MISTRAL_API_KEY="your-api-key"Workspace scoping
API keys are scoped to the Workspace where they were created. Requests made with a key use that Workspace's quota, rate limits, and resources.
To use different keys for different environments, such as development, staging, and production, create separate Workspaces and create a dedicated API key in each Workspace.
Plans
API keys work in Free mode by default, with usage and rate limits for evaluation and prototyping. To raise your limits with pay-as-you-go billing, upgrade to the Scale plan in Admin Console›Subscriptions›Billing ↗.