Legacy API Keys (Deprecated)
Legacy API Keys are Personal Access Tokens (PATs) - the older, session-based tokens that predate the current API keys. They are deprecated and kept only so existing integrations keep working.
For any new integration, create a standard API Key (its value starts with ak_) instead. New keys are organization-scoped and work with the CLI and the API.
Where these live
Legacy tokens are managed under Settings -> API Keys -> Legacy API Keys. The page lists each token's name, a masked preview (last 4 characters), when it was created, and when it was last used.
Creating a legacy token
Creation is still available for compatibility, but prefer a standard API Key instead.
- Open Settings -> API Keys -> Legacy API Keys.
- Click Create API Key and enter a descriptive name.
- Copy the token when it is shown. Like the current keys, the full value is displayed only once - after you close the dialog, only the last 4 characters remain visible.
A legacy token carries the same permissions as your account, so treat it like a password.
Revoking a legacy token
- Find the token in the list.
- Click Revoke and confirm.
Revocation is immediate and cannot be undone. Any application or script still using that token will stop being able to authenticate.
Migrating to current API keys
- Create a standard API Key and store its
ak_value securely. - Update your CLI logins and any integrations to use the new key - see API Keys for the CLI and API usage.
- Once everything is switched over and verified, revoke the old legacy token.
Related pages
- API Keys - the current, recommended key system
- Trigger a pipeline run via the API
- CLI
Support
Questions about migrating off legacy tokens? Contact us at support@supa-flow.io.
Ask Claude