The API key of Data Management (DMS) Dify authenticates your requests to the DMS Dify service. Get this key before you call applications published in Dify Studio or integrate private LLM, Embedding, or Rerank model services on the Model Provider page.
Prerequisites
Before you begin, ensure that you have:
A DMS workspace with the O&M engineer, workspace administrator, or developer role
Permissions
| Role | Create an API key | View an API key |
|---|---|---|
| O&M engineer | Yes | Yes |
| Workspace administrator | Yes | Yes |
| Developer | No | Yes |
| Visitor | No | No |
Get an API key
Log in to the workspace as an O&M engineer, workspace administrator, or developer.
In the left-side navigation pane, choose
> Dify.On the Dify tab, click API KEY to view existing API keys or create one.
You cannot delete an API key at this time. Deleted keys will become invalid once the deletion feature is available.
Use the API key
After you get the API key, include both headers in every request to meet security compliance requirements:
| Header | Value | Description |
|---|---|---|
Authorization | Bearer app-xxxx | The app token from the published Dify application |
DifyApiKey | xxxx-xxxxxxx | The API key obtained in this topic |
Example request:
curl -X POST 'https://dify-{region_id}-dms.aliyuncs.com/v1' \
--header 'Authorization: Bearer app-xxxx' \
--header 'DifyApiKey: xxxx-xxxxxxx' \
--header 'Content-Type: application/json' \
--data '{
"inputs": {},
"query": "What are the specs of the iPhone 13 Pro Max?",
"response_mode": "streaming",
"conversation_id": "",
"user": "abc-123"
}'For a full list of API endpoints and parameters, see Developing with APIs.
Limitations
Each Dify instance supports only one API key.