Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.retab.com/llms.txt

Use this file to discover all available pages before exploring further.

API keys are environment-scoped. Each key belongs to exactly one environment, and the key’s prefix tells you which one at a glance.
PrefixEnvironmentDashboard section
rt_test_testTest keys
rt_live_productionLive keys
sk_retab_productionLive keys (labelled legacy)
The prefix is a visible hint. The authoritative environment is the one stored on the server’s API key document.

Create a key from the dashboard

Go to Developer settings in the dashboard. The page is split into two sections — Test keys and Live keys — to keep environment scope explicit at the moment of creation.
  • Click Create test key to mint a new rt_test_... key.
  • Click Create live key to mint a new rt_live_... key.
The full key is shown exactly once. Copy it into your secrets store immediately; Retab only retains a hashed copy after the dialog closes.

Use a key

Each SDK reads RETAB_API_KEY from the environment by default. Pick the right key per surface: 
# Local development
export RETAB_API_KEY=rt_test_...

# CI
RETAB_API_KEY=rt_test_... retab workflows tests runs create wf_...

# Production deploys
export RETAB_API_KEY=rt_live_...

from retab import Retab

client = Retab()                       # reads RETAB_API_KEY
print(client.environment)              # "test" or "production"

Verify a key

Probe the API and see exactly which environment Retab resolved for the current credential: 
retab auth status

authenticated: true
base_url: https://api.retab.com
active_credential: rt_test_...abcd
resolved_environment: test
The same information is available over HTTP from GET /v1/auth/status.

Rules of thumb

  • Use a test key for local development, CI, integration tests, and customer-facing staging apps. Test resources never bill, log, or trigger production-only side effects.
  • Use a live key for production deploys, scheduled jobs, and any call that should actually move money, send a notification, or update customer-facing systems.
  • Never bake a live key into a public repo, a client bundle, or a shell history file. Treat it like a database password.
  • Rotate keys from the dashboard. Revoking a key invalidates it immediately; in-flight requests using the revoked key get 401.

Legacy keys

sk_retab_... keys from before the environments feature continue to work. They resolve to production and appear under Live keys with a legacy label. There is no rush to rotate them — they keep working — but you should mint a fresh rt_live_... key the next time you would have rotated anyway, so the prefix matches the environment.