API Keys

API keys provide programmatic access to Plotly Cloud without requiring an interactive browser login. Use them in CI/CD pipelines and automated scripts to publish and manage Dash apps.

API keys are available on Pro team plans and higher.

Creating an API Key

You can manage API keys in your team settings. To create a new key:

1. Go to your team settings page and select the API keys tab.

<img>

2. Select Create API Key and give it a descriptive name (e.g., GitHub Pipeline).

<img>

3. Copy the key value immediately. It starts with sk_ and is only shown once.

<img>

Important: Store your API key securely. You won’t be able to view it again after closing the creation dialog.

Using an API Key

Pass the key directly with the --api-key global option:

plotly --api-key "your_api_key_here" app publish --name my-app

Or set the PLOTLY_API_KEY environment variable so you don’t have to pass it on every command:

export PLOTLY_API_KEY="your_api_key_here"
plotly app publish --name my-app

Either approach skips interactive login and authenticates directly. This is the recommended approach for non-interactive environments like CI/CD.

Note: API keys only work with app commands. User commands like user teams and user whoami require personal authentication via plotly user login.

Security Best Practices

API keys grant programmatic access to your Plotly Cloud apps. A leaked key allows anyone to publish code to your apps or modify their settings without your knowledge.

Keep the following in mind:

• Never commit API keys to version control. Even in private repositories, keys in git history are difficult to fully remove. Use your CI/CD platform’s secrets manager instead.
• Never share keys in plain text via email, chat, or documentation.
• Revoke compromised keys immediately. If you suspect a key has been exposed, delete it in your team settings and create a new one. Any deployments using the old key will stop working, so update your CI/CD secrets at the same time.
• Be selective about which apps allow API key access. Any team member who can create an API key can access all apps that have API key access enabled—even apps they don’t personally own. Only enable API key access on apps that genuinely need automated deployment.

Managing API Key Access to Apps

API keys are scoped to your team, but whether API keys can edit a given app is an app-level setting. This means that not all apps on your team are necessarily manageable by API keys, but every app that does have API key access enabled is editable by all of your team’s API keys.

To enable or disable API key access to an app:

1. Open the app’s Sharing settings in Plotly Cloud.

2. In API keys, choose a permission level:
   - Can edit — API keys can publish updates and modify app settings.
   - No access — API keys cannot access this app (default).

<img>

Revoking an API Key

To revoke and delete an API key, go to your team settings and find the key in the API Keys tab. Select the … menu next to it and confirm in the dialog. The key is invalidated immediately. This action cannot be undone.

<img>

<img>