API keys

Admin → API keys issues bearer tokens for programmatic access to your organisation's projects, cues, and annotations — for a QLab bridge, a reporting script, or your own tooling.

Creating a key

Give the key a label that says what it's for ("QLab bridge · production rig") and pick its scopes. Scopes bound what the key can touch, split read from write across projects, cues, and annotations — grant a key only the scopes its job needs rather than everything.

The shown-once caveat

The raw key value is shown once, at the moment you create it. Cuelist doesn't store it in a form it can show you again. Copy it into your tooling or a secret store immediately; if you lose it, the only path is to revoke that key and create a new one.

Revoking

The list shows active and revoked keys. Revoke takes effect at once — a revoked key stops authenticating on the next request. Revoked keys stay listed with their revocation date so there's a record of what existed and when it was retired.

Related: Integrations · Outbound webhooks.