Personal API keys live under Account settings > API keys in the Neon Console. Organization and project-scoped keys live under your organization's Settings > API keys. The Console lists every key's name, who created it, and when it was last used, but it does not show the secret token after creation. Save the token in a secret manager as soon as you create the key.
Generate a key
Personal keys give you access to every organization and project you're a member of.
- In the Neon Console, open the user menu and click Account settings.
- Select API keys.
- Click Create new API key, give it a descriptive name, then click Create.
- Copy the token immediately. You won't be able to view it again.
Use the key with Authorization: Bearer $NEON_API_KEY on Neon API calls. For the CLI, pass it with the --api-key global option (or set the NEON_API_KEY environment variable) instead of running neon auth, which launches an interactive browser login.
List or revoke existing keys
- Personal: Account settings > API keys shows existing keys with Revoke buttons.
- Organization or project-scoped: org Settings > API keys.
Revocation is immediate and permanent. Any request using a revoked key returns 401 Unauthorized. To rotate, create a new key first, switch your callers over, then revoke the old one.
The token is shown once and only once
Neon displays the secret token a single time, in the modal that opens right after you click Create. The Console will list the key's name and ID afterward, but there's no way to view the token again. If you didn't save it, you'll need to revoke the key and create a new one. Store new tokens in a secret manager (AWS KMS, Azure Key Vault, 1Password, Vault, etc.) at creation time.
There are no client-safe Neon keys
Full guide to creating, listing, and revoking keys via the Console and the API.