Skip to main content
API keys authenticate requests to the Gecko v1 API. Keys are scoped to the team they’re created in. Manage them in Settings > API Keys.
API access is a Pro/Enterprise feature.

Create a key

1

Open API Keys

Go to Settings > API Keys and click Create API Key.
2

Name it

Give the key a descriptive name, such as CI/CD Pipeline or Production.
3

Copy the key now

Gecko shows the full key value once, at creation. Copy and store it securely; afterward only a masked preview is shown.

Use a key

Send the key in the X-API-Key header on every authenticated request:
curl https://app.gecko.security/api/v1/scans?limit=10 \
  -H "X-API-Key: $GECKO_API_KEY" \
  -H "Accept: application/json"
Gecko scopes every response to the team attached to the key. See the API reference for endpoints, rate limits, and examples.

Manage and revoke

The API Keys table shows each key’s name, masked preview, creation date, and last-used time. Delete a key to revoke it immediately.
Deleting a key takes effect right away. Rotate by creating the new key first, updating your integration, then deleting the old one.