Skip to main content

Documentation Index

Fetch the complete documentation index at: https://langwatch.ai/docs/llms.txt

Use this file to discover all available pages before exploring further.

LangWatch uses API keys to authenticate SDK calls, MCP connections, and API requests. All keys are managed from a single place: Settings → API Keys.

Key Types

Personal KeyService Key
Tied toA specific userNo user (org-level)
Best forLocal development, AI assistants (MCP), personal workflowsCI/CD pipelines, automation, service-to-service
PermissionsInherits your RBAC permissions (ceiling model)Scoped to specific projects with ADMIN access
Survives user removalNo — disabled when user leaves the orgYes — independent of any user
Requires LANGWATCH_PROJECT_IDYesYes
Legacy project keys (the LANGWATCH_API_KEY shown on the project setup page) still work and will continue to be supported. They have the project context built in, so they don’t require LANGWATCH_PROJECT_ID. New users should prefer creating keys from Settings → API Keys for better security and access control.

Creating a Personal API Key

Personal keys are ideal for local development, connecting your AI coding assistant via MCP, or any workflow where you want the key tied to your identity.
1

Go to Settings → API Keys

Navigate to Settings → API Keys in your LangWatch dashboard.
2

Click Create API Key

Click the Create API Key button in the top right.
3

Configure the key

  • Type: Select Personal
  • Name: Give it a descriptive name (e.g., “My MCP key”, “Local dev”)
  • Scope: Select which projects, teams, or the whole organization the key can access
  • Expiration: Optionally set an expiration date
  • Permissions: Choose a permission mode:
    • All — inherits your full permissions at each scope
    • Restricted — fine-grained control over individual permission categories (see Permission Categories)
4

Copy your key

After creation, your key is shown once. Copy it and store it securely — you won’t be able to see the full key again.The key format is: sk-lw-<id>_<secret>

Using a Personal Key

Set both LANGWATCH_API_KEY and LANGWATCH_PROJECT_ID in your environment:
.env
LANGWATCH_API_KEY="sk-lw-..."
LANGWATCH_PROJECT_ID="your-project-id"
You can find your project ID in Settings → Projects or in the project URL.

Creating a Service API Key

Service keys are designed for automated systems — CI/CD pipelines, production services, and multi-project setups. They aren’t tied to any user, so they keep working even if team members leave.
Only organization admins can create service keys.
1

Go to Settings → API Keys

Navigate to Settings → API Keys in your LangWatch dashboard.
2

Click Create API Key

Click the Create API Key button in the top right.
3

Configure the key

  • Type: Select Service
  • Name: Give it a descriptive name (e.g., “CI pipeline”, “Production tracing”)
  • Scope: Select which projects, teams, or the whole organization the key can access
  • Expiration: Optionally set an expiration date
  • Permissions: Choose All for full access, or Restricted for fine-grained control
A service key scoped to the organization with All permissions gets org-wide ADMIN access. Always scope to specific projects when possible.
4

Copy your key

After creation, your key is shown once. Copy it and store it securely.

Using a Service Key

Service keys require LANGWATCH_PROJECT_ID so the SDK knows which project to send traces to:
.env
LANGWATCH_API_KEY="sk-lw-..."
LANGWATCH_PROJECT_ID="your-project-id"

Permission Categories

When using Restricted permissions, you can grant read or write access to individual feature areas:
CategoryReadWrite
TracesView traces and spansCreate, update, and share traces
CostView cost analytics
ScenariosView test scenariosCreate and manage scenarios
AnnotationsView annotationsCreate and manage annotations
AnalyticsView analytics dashboardsCreate and manage dashboards
EvaluationsView evaluationsCreate and manage evaluations
DatasetsView datasetsCreate and manage datasets
TriggersView triggersCreate and manage triggers
WorkflowsView workflowsCreate and manage workflows
PromptsView promptsCreate and manage prompts
SecretsView secretsCreate and manage secrets
Audit LogView audit log
TeamView team membersManage team membership
ProjectView project settingsCreate, update, and delete projects
Categories marked with ”—” for write are read-only by design.

Connecting to AI Assistants (MCP)

Personal API keys work with the LangWatch MCP Server to give your AI coding assistant access to LangWatch features — tracing, analytics, prompt management, and more.
1

Create a personal API key

Follow the steps above to create a personal key.
2

Add the MCP server to your editor

claude mcp add langwatch -- npx -y @langwatch/mcp-server --apiKey sk-lw-...
See the full MCP setup guide for all supported editors.
3

Ask your assistant to instrument your code

"Instrument my codebase with LangWatch"

Permissions Model

API key permissions follow a ceiling model: a personal key can never exceed the creating user’s own permissions.
  • If you have ADMIN access and create a key with All permissions, the key gets ADMIN
  • If you have MEMBER access and create a key with All permissions, the key gets MEMBER (not ADMIN)
  • Restricted keys let you manually narrow access to specific permission categories at read or write level
Service keys bypass the user ceiling since they have no associated user — their permissions come directly from their scope and permission mode. For more on roles and permissions, see Access Control (RBAC).

Managing Keys

From the Settings → API Keys page you can:
  • View all keys — see name, type, status, scope, permissions, creation date, last used, and creator
  • Edit a key — update the name, permission mode, or permission categories
  • Revoke a key — immediately disables the key (cannot be undone)
Rotate keys regularly and revoke any that are no longer in use. Set expiration dates on keys used for temporary workflows.