The Gcore Customer Portal is being updated. Screenshots may not show the current version.
Chosen image
Home/Cloud/Function as a Service/Authenticate to functions with API keys

Authenticate to functions with API keys

This guide explains how to add and edit API keys to protect your function endpoints from unauthorized access.

Create an API key

  1. In the Cloud menu, go to Functions, select API keys, and click Create now.
API keys for functions in the Cloud menu
  1. In General information, specify the API key name (required) and description (optional.)
Fill in the general information about API keys
  1. In Access to Functions, specify which functions can be authenticated using the given key.
Specify functions that can be authorized with the API key
  1. For Expiration, set the date until when the API key remains valid. Alternatively, if you don’t want to update your key, select Never expire.
Set the expiration period for an API key
  1. Click Create.

  2. Copy and save the key.

Note: You will not be able to see the key again. We do not store tokens, so the responsibility for token storage and usage rests with the issuer.

Your API key is active. From now on, anyone attempting to access your function endpoint must include a valid API key in the X-API-Key header. Otherwise, they will receive a 401 error.

If you’ve set the expiry date, you’ll get a notification in the Customer Portal before it expires.

Change API key settings

You can change the description, expiration date, and functions that can be accessed with a given key.

  1. Go to the API key list, click the three dots next to the key you want to change, and click Edit.
Edit API key settings
  1. Go to the tab you need and change the settings as follows:
  • General: Change the key description.
  • Access to Functions: Change the functions that can be authenticated with the key.
  • Expiration: Reset the expiry date.
  1. Click Save.

Delete an API key

  1. Go to the API key list, click the three dots next to the key you want to delete, and click Delete.
Delete an API key
  1. Confirm the deletion.


  1. What should I do if I forget or lose my API key?

Delete the key in the Customer Portal, create a new one and add it to the function.

  1. Can I revoke an API key if it was compromised?

If your key was compromised, delete it in the Customer Portal, create a new one and add it to the function.

  1. How can I check if my API key is still valid?

Valid keys have the status “Active” in the API key list. If an API key is no longer valid, it will have the status “Expired”.

Was this article helpful?

Not a Gcore user yet?

Discover our offerings, including virtual instances starting from 3.7 euro/mo, bare metal servers, AI Infrastructure, load balancers, Managed Kubernetes, Function as a Service, and Centralized Logging solutions.

Go to the product page