API keys authenticate requests to the Gecko v1 API.
Keys are scoped to the team they’re created in. Manage them in Settings >
API Keys.
API access is a Pro/Enterprise feature.
Create a key
Open API Keys
Go to Settings > API Keys and click Create API Key.
Name it
Give the key a descriptive name, such as CI/CD Pipeline or Production.
Copy the key now
Gecko shows the full key value once, at creation. Copy and store it
securely; afterward only a masked preview is shown.
Use a key
Send the key in the X-API-Key header on every authenticated request:
curl https://app.gecko.security/api/v1/scans?limit=10 \
-H "X-API-Key: $GECKO_API_KEY" \
-H "Accept: application/json"
Gecko scopes every response to the team attached to the key. See the
API reference for endpoints, rate limits, and
examples.
Manage and revoke
The API Keys table shows each key’s name, masked preview, creation date, and
last-used time. Delete a key to revoke it immediately.
Deleting a key takes effect right away. Rotate by creating the new key first,
updating your integration, then deleting the old one.