Deployment scope
By default, an API key is not scoped to any deployment—it can be used with every deployment in your organization (the All deployments option). When creating or editing a key, you can instead scope it to one or more specific deployments. The scope determines which requests a key can authorize:- Deployment-scoped endpoints—such as generating an embed session for a deployment—require the key to be scoped either to that deployment or to all deployments. A request targeting a deployment outside the key’s scope is rejected.
- Endpoints that aren’t tied to a specific deployment continue to work with any key, regardless of its scope.
Scoping is optional and backward compatible. Existing keys remain unscoped (All
deployments) until you change them.