Chance authenticates API requests with a per-account API key sent in the x-api-key header.
Creating a key
- Sign in to the dashboard.
- Click Create API key.
- Copy the key — it starts with
chance_sk_ and is shown only once.
Keys are secrets. Store them server-side (environment variables, a secrets manager) and never expose them in browser or mobile code. Only a hash of your key is ever stored on our side, so we can’t recover a lost key — create a new one and revoke the old.
Revoking a key
Revoke any key from the dashboard. Revocation is immediate; requests with a revoked key return 401.
Scoping
Each key is scoped to the account that created it and draws on that account’s credits. Use separate keys per service so you can revoke one without disrupting the others.