Authentication & API Keys

Precise gradients for modern web design

Security & Key Creation

ChromaKit enforces strict access controls to protect your gradient presets, sync pipelines, and project workflows. All API endpoints require valid authentication tokens tied to verified workspace accounts.

Generate keys from the Developer Console under Account Settings. Each key is a `ck_live_` prefix followed by a 64-character hexadecimal secret (e.g., `ck_live_9a2f7c4e8b...`) and is issued with a scope: read, write, or full project access. ChromaKit stores only an Argon2id hash of each key, so a database compromise does not yield usable keys, and keys are accepted only over HTTPS (TLS), never over plain HTTP. A missing, malformed, or revoked key receives a generic 401 response that does not reveal which check failed.
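The client-side handling those rules imply, as an added example that is not ChromaKit's own SDK or code: the key shape (`ck_live_`/`ck_test_` plus 64 hex digits), the `CHROMAKIT_API_KEY` environment variable, the bearer-token header, and the `api.example` host are all assumptions made for the example; the page only states the prefix, the 64-character hex secret, and the HTTPS requirement.

```python
import os
import re
from urllib.parse import urlsplit
from urllib.request import Request

# Assumed key shape: the page shows `ck_live_9a2f7c4e8b...` and states a
# 64-character hex secret; the `test` environment is an assumption.
KEY_RE = re.compile(r"^ck_(live|test)_([0-9a-f]{64})$")


def parse_key(key: str) -> tuple:
    """Return (environment, secret) or raise ValueError on a malformed key."""
    m = KEY_RE.fullmatch(key)
    if not m:
        raise ValueError("malformed ChromaKit key")
    return m.group(1), m.group(2)


def redact(key: str) -> str:
    """Loggable form: prefix plus the first 4 hex digits, never the full secret."""
    env, secret = parse_key(key)
    return f"ck_{env}_{secret[:4]}{'*' * 60}"


def load_key(var: str = "CHROMAKIT_API_KEY", environ=None) -> str:
    """Read the key from the environment (CI secret or vault-injected), never from source.

    `environ` is injectable so the lookup can be exercised without touching os.environ.
    """
    environ = os.environ if environ is None else environ
    key = environ.get(var)
    if not key:
        raise RuntimeError(f"{var} is not set")
    parse_key(key)  # fail fast on a truncated or mistyped secret
    return key


def build_request(url: str, key: str, method: str = "GET") -> Request:
    """Attach the key as a bearer token (assumed header scheme), refusing plain HTTP."""
    if urlsplit(url).scheme != "https":
        raise ValueError("ChromaKit keys may only be sent over https://")
    parse_key(key)
    return Request(url, method=method, headers={"Authorization": f"Bearer {key}"})


def classify_response(status: int) -> str:
    """Turn the generic 401 into an operator action without echoing the key."""
    if status == 401:
        return "unauthorized: check scope/revocation; do not log the key"
    if status == 429:
        return "rate limited: back off"
    return "ok" if 200 <= status < 300 else f"http {status}"
```

Because the API's 401 is deliberately uninformative, the only useful diagnostics are on the client: whether the key parsed, which environment it belongs to, and a redacted prefix for correlating with the audit log.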

Standard Access

Read-Only & Preview Keys

Ideal for design systems and frontend integrations: read gradient palettes, fetch export formats (CSS, SVG, PNG), and pull usage metrics without being able to modify live projects. Rate limit: 500 requests/minute with automatic circuit breaking. A key embedded in client-side code is visible to anyone who loads the page, so only a read-only key belongs there, and it should still be rotated on a schedule.

Full Access

Write & Admin Keys

Required for automated pipeline deployments and programmatic gradient generation: bulk updates, webhook triggers, and direct database sync. Rate limit: 1,200 requests/minute, and IP allowlisting is mandatory. Restrict the allowlist to the egress addresses of the runners that actually use the key, and keep the key itself in CI secrets or a vault rather than in pipeline definitions.

Key Management & Rotation

Rotate keys on a schedule rather than only after an incident. ChromaKit supports key rotation without pipeline downtime, so continuous deployment keeps working across distributed environments while keys change.

Schedule rotations from the dashboard or with the CLI (`chromakit-cli rotate --env production`). The replaced key remains active for a 72-hour transition window, so CI/CD runners and edge nodes that have not yet picked up the new key keep working until they do. That overlap is for planned rotation only: a key you suspect is compromised should be revoked immediately rather than left to expire. Audit logs record every generation, revocation, and scope change with ISO 8601 timestamps and an immutable hash for integrity verification.
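How the 72-hour overlap plays out on both sides, as an added example that is not ChromaKit's code: `KeyRegistry` is a constructed stand-in for the server's view of which keys are live (it keeps raw keys in memory for brevity where the real service stores hashes), and `KeySet`/`call_with_fallback` model a runner that holds the new key plus the legacy one and falls back only while the window is open. The only facts taken from the page are the `ck_live_` prefix, the 72-hour window, and that revocation is immediate; the timestamps and the misconfigured-node scenario are constructed.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

ROTATION_WINDOW = timedelta(hours=72)  # transition window stated on the page


class KeyRegistry:
    """Constructed server-side stand-in: key -> instant it stops working (None = open-ended)."""

    def __init__(self):
        self._active = {}

    def issue(self) -> str:
        key = "ck_live_" + secrets.token_hex(32)  # 64 hex digits after the prefix
        self._active[key] = None
        return key

    def rotate(self, old: str, now: datetime) -> str:
        """Issue a replacement and give the old key the 72-hour grace period."""
        if old not in self._active:
            raise KeyError("unknown key")
        self._active[old] = now + ROTATION_WINDOW
        return self.issue()

    def revoke(self, key: str) -> None:
        """Emergency path for a compromised key: no grace period at all."""
        self._active.pop(key, None)

    def authenticate(self, key: str, now: datetime) -> int:
        if key not in self._active:
            return 401
        expires = self._active[key]
        if expires is not None and now >= expires:
            return 401
        return 200


@dataclass
class KeySet:
    """Keys held by one CI runner or edge node after a rotation."""
    current: str
    previous: Optional[str]
    rotated_at: datetime  # when `current` was issued (UTC)

    def previous_is_usable(self, now: datetime) -> bool:
        return self.previous is not None and now < self.rotated_at + ROTATION_WINDOW


Transport = Callable[[str], int]  # sends one request with the given key, returns HTTP status


def call_with_fallback(keys: KeySet, send: Transport, now: datetime) -> dict:
    """Try the rotated-in key first; retry with the legacy key only inside the window.

    A fallback that fires is worth alerting on: this node has not picked up the new key.
    """
    status = send(keys.current)
    if status != 401 or not keys.previous_is_usable(now):
        return {"status": status, "used": "current", "fallback": False}
    status = send(keys.previous)
    return {"status": status, "used": "previous", "fallback": True}


def drop_expired_previous(keys: KeySet, now: datetime) -> KeySet:
    """Forget the legacy key once the window closes so it cannot linger in config."""
    if not keys.previous_is_usable(now):
        return KeySet(keys.current, None, keys.rotated_at)
    return keys


def simulate_rotation() -> dict:
    """Walk one rotation with constructed times: a node that is current, a node that
    is not, the window closing, and an emergency revocation."""
    reg = KeyRegistry()
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    old = reg.issue()
    new = reg.rotate(old, t0)
    out = {}
    ready = KeySet(current=new, previous=old, rotated_at=t0)
    out["ready"] = call_with_fallback(ready, lambda k: reg.authenticate(k, t0), t0)
    # Node whose distributed key is wrong (constructed: a never-issued value), so it
    # only works because the legacy key is still inside the window.
    stale = KeySet(current="ck_live_" + "0" * 64, previous=old, rotated_at=t0)
    t1 = t0 + timedelta(hours=1)
    out["stale_in_window"] = call_with_fallback(stale, lambda k: reg.authenticate(k, t1), t1)
    t2 = t0 + ROTATION_WINDOW
    out["stale_after_window"] = call_with_fallback(stale, lambda k: reg.authenticate(k, t2), t2)
    out["previous_dropped"] = drop_expired_previous(stale, t2).previous is None
    reg.revoke(old)  # compromise suspected: do not wait for the window
    out["revoked_in_window"] = reg.authenticate(old, t1)
    return out
```

The client never retries with the legacy key after the window even if it still has it, which keeps a forgotten config from silently producing 401s that look like an outage rather than a missed rotation.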

Secure Storage

Vault & Environment Variables

Never hardcode credentials in repositories; inject them from HashiCorp Vault, AWS Secrets Manager, or GitHub Actions secrets at run time. For zero-trust deployments, ChromaKit validates token signatures against the RSA-2048 public key bundle you register.

Enterprise SSO

OAuth2 & SAML Integration

For teams on Okta, Azure AD (now Microsoft Entra ID), or Ping Identity, enable federated authentication over OAuth 2.0 or SAML. ChromaKit supports the authorization code flow with PKCE, refresh token rotation, and role-based access control (RBAC) mapped to ChromaKit workspace tiers. Contact solutions@chromakit.dev for SSO provisioning.
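What the two named protections do, as an added example that is not ChromaKit's or any identity provider's code: PKCE as specified in RFC 7636 (client-side verifier and S256 challenge, server-side recomputation), and refresh token rotation with reuse detection, modelled with a constructed in-memory `RefreshTokenStore` whose single-use tokens and family-wide revocation are standard practice but are an assumption about how ChromaKit's SSO implements the feature.

```python
import base64
import hashlib
import secrets
from typing import Optional


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    """Client side: 32 random bytes -> 43 unreserved characters (RFC 7636 minimum)."""
    return b64url(secrets.token_bytes(nbytes))


def code_challenge_s256(verifier: str) -> str:
    """Sent with the authorization request; the verifier itself stays on the client."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def verify_pkce(stored_challenge: str, presented_verifier: str) -> bool:
    """Authorization-server side at the token endpoint: recompute and compare."""
    return secrets.compare_digest(stored_challenge, code_challenge_s256(presented_verifier))


class RefreshTokenStore:
    """Constructed stand-in for refresh token rotation with reuse detection.

    Every refresh consumes the presented token and issues a new one in the same
    family. A token presented twice is treated as theft: the whole family is
    revoked, so neither the legitimate client nor the attacker can refresh again.
    """

    def __init__(self):
        self._tokens = {}            # token -> (family, already_used)
        self._revoked_families = set()

    def issue_family(self) -> str:
        family = secrets.token_hex(8)
        tok = secrets.token_urlsafe(32)
        self._tokens[tok] = (family, False)
        return tok

    def refresh(self, presented: str) -> Optional[str]:
        entry = self._tokens.get(presented)
        if entry is None:
            return None
        family, used = entry
        if family in self._revoked_families:
            return None
        if used:
            self._revoked_families.add(family)  # replay detected: kill the family
            return None
        self._tokens[presented] = (family, True)
        new = secrets.token_urlsafe(32)
        self._tokens[new] = (family, False)
        return new
```

The PKCE functions reproduce RFC 7636 Appendix B exactly, which is the quickest way to check an SSO integration is computing the S256 challenge correctly before pointing it at a real identity provider.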