API Keys

Most renters never need this page. Use it when:

You want to drive Lium from the CLI (lium ...).
You want an AI agent (Claude, Cursor, your own) to deploy and manage pods on your behalf via the API or MCP server.
You're integrating Lium into a CI pipeline, a Slack bot, or your own tool.

If you're just here to rent a GPU and SSH in, the dashboard at lium.io is the friendlier path — see Quickstart.

What an API key does

An API key authenticates HTTP requests to https://lium.io/api/... as you. Anyone with the key can:

Deploy pods, attach volumes, start backups — and be billed to your account.
Read your pod list, backup history, and account balance.
Delete things. The API has no separate "read-only" scope yet.

Treat the key like a password. Never paste it into a public repo, an issue tracker, a screenshot, or a non-CVM pod.

Generate a key

Sidebar → Access (key icon).
Click the API Keys tab.
ADD NEW +, give the key a Name (something like cli-laptop, ci-deploy-bot, claude-agent), ADD.
The full key shows once in a copy-to-clipboard chip. Copy it now — Lium only stores a hashed version, so you can't view it again.

Access page → API Keys tab

The list view shows each key's Name, masked Key prefix, Active flag, Last used, Expires at, and Date created.

Use the key

Pass the key in the X-API-Key header on every request:

export LIUM_API_KEY=sk_yjujqGP...full-key

curl https://lium.io/api/pods \
  -H "X-API-Key: $LIUM_API_KEY"

For the CLI:

pip install lium.io                   # or: curl https://lium.io/install.sh | sh
lium login --api-key $LIUM_API_KEY    # stored in ~/.lium/credentials
lium pods list

For the SDK and MCP server, set LIUM_API_KEY in the environment.

Quick "API Key" button (top-left)

The API Key button at the very top of the sidebar (under your balance) copies your most recent active key to the clipboard and shows a toast. Handy for quick re-pastes; not a substitute for managing keys on the Access page.

Rotate, deactivate, delete

On the Access → API Keys row:

✏️ Edit — rename or set an expiry date.
🗑️ Delete — revokes the key immediately. Anything using it (CLI session, running agent) will start getting 401s.

There's no separate "deactivate but keep" toggle yet — delete and recreate when you need to rotate.

What this unlocks for AI agents

The whole Renters surface (pods, templates, volumes, backups, restores, scheduled termination) is exposed via the same REST API and via the MCP server. With one API key, an agent can:

Watch the marketplace and deploy a cheap pod when an A100 drops below your price ceiling.
Spin up a fresh pod for each job, run training, take a final backup, terminate.
Pull a backup down for inspection in your laptop, then fan out restores into many pods.
Manage templates: keep your team's images, tags, and entrypoints in sync from CI.

Schemas live in the OpenAPI spec. The Renters pages above each have a "For agents and automation" block at the bottom showing the curl/CLI equivalents of every UI flow.

Key hygiene

One key per integration. If your laptop's key leaks, you only revoke that one.
Set an Expires at for short-lived agents (CI runners, hackathon scripts).
Don't bake keys into Docker images or templates. Set them as env vars at runtime, or use the agent itself to deploy with a short-lived key.
Never put a key in a non-CVM pod's filesystem — see Pod security.

What an API key does​

Generate a key​

Use the key​

Quick "API Key" button (top-left)​

Rotate, deactivate, delete​

What this unlocks for AI agents​

Key hygiene​