Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Termix-SSH/Termix/llms.txt

Use this file to discover all available pages before exploring further.

Termix API keys let you authenticate automated scripts, CI/CD pipelines, and third-party tools against the Termix REST API without using interactive login sessions. Each key is tied to a specific user account and inherits that user’s permissions. Keys can be given an expiration date and revoked at any time.
API key management is an admin-only operation. An administrator must create and delete keys on behalf of users. If you need a key for your account, contact your Termix administrator.

How API keys work

When you create an API key, Termix generates a token prefixed with tmx_. The full token is shown to you once at creation time and is never stored in plaintext — Termix only retains a hash of the token for verification. If you lose the token, you must create a new key. Each key has:
  • A human-readable name to identify its purpose (for example, github-actions-deploy or backup-script)
  • An optional expiration date — if set, the key stops working after that date and time
  • A user scope — the key acts with the same permissions as the user it was created for

Creating an API key

1

Open the admin API keys panel

Log in as an administrator and navigate to Profile → API Keys.
2

Click Create New Key

Click Create New Key to open the key creation form.
3

Fill in the key details

Enter a descriptive name for the key. Select the user account the key should be scoped to. Optionally set an expiration date — leave it blank if you want the key to remain valid until manually revoked.
4

Copy the token immediately

After you click Create, Termix displays the full token once. Copy it and store it in a secure location such as a secrets manager or your CI/CD environment’s secrets store.
You cannot retrieve the token after closing this dialog. If you lose it, delete the key and create a new one.

Using an API key in requests

Include the token in the Authorization header of every API request using the Bearer scheme: 
Authorization: Bearer tmx_<your-token>
For example, using curl: 
curl https://your-termix-instance.example.com/api/users \
  -H "Authorization: Bearer tmx_abc123..."
The key is validated on each request. If the key has expired or been revoked, the request returns a 401 Unauthorized response.
For a complete list of available endpoints and request formats, see the API reference.

Revoking an API key

Revoked keys are permanently deleted and cannot be reinstated. Any script or service using the key immediately loses access.
1

Open the admin API keys panel

Navigate to Profile → API Keys as an administrator.
2

Find the key to revoke

Locate the key by its name or the token prefix shown in the list (the first 12 characters of the token, for example tmx_abc12345ef).
3

Delete the key

Click Delete next to the key and confirm. The key is immediately invalidated.

Best practices

Use descriptive names that make it easy to identify which system or script uses a given key — for example, ci-pipeline-staging or monitoring-readonly. This makes it easy to revoke the right key if a system is decommissioned or credentials are rotated.
If a key is only needed for a limited period — for example, during a migration or for a short-lived automation job — set an expiration date. An expired key stops working automatically without requiring a manual revocation step.
Never commit API tokens to source control. Use your CI/CD platform’s secrets store (for example, GitHub Actions secrets, GitLab CI variables, or HashiCorp Vault) to inject the token as an environment variable at runtime.
Even without a fixed expiration date, periodically delete old keys and create new ones to limit the impact of a token being exposed. Each new key gets a new token, and the old one is immediately invalidated when deleted.

Build docs developers (and LLMs) love

Get started for freeTalk to us