Gremlin Docs
Search documentation
API Reference

API Keys

When making programmatic calls to the Gremlin API, instead of using your own account profile with your username password credentials, you can leverage team-level API keys. This is akin to having a "service account" in other software products.

To create a new API key

  • Go to Company Settings.
  • Select your Team.
  • Select the API Keys tab.
  • Click New API Key button.
  • Give your key a unique name and an optional description.
  • Click save, and copy your key content for use.

To revoke and reinstate an API Key

  • Before you begin, confirm that you have stopped using the API Key.
  • Go to Company Settings.
  • Select your Team.
  • Select the API Keys tab.
  • Hover over the 3 dots to the right of your API Key.
  • Select Revoke Key or Reinstate Key in the popup.
  • If you are revoking a key, confirm by clicking the Revoke button.


Instead of using a Bearer token, provide the key content in the Authorization Header, prefixed with Key.

1Authorization: Key f02868098b13e4f68da82b0c5e5c950ea750fce53c62d982cdab0c61099e5f98

See Creating Attacks for examples of creating an attack via the API.


There is a limit of 5 active API Keys per team.


API keys have access levels equivilant to a Company User and Team User for the company and team that the API key was created under.