You can generate an API Key in your InternalStack Cloud console.

Do not expose your API Keys outside of a trusted server environment

Every key is scoped to a single application.
Every key is prefixed with 'live_psk_' for automated codebase leak detection.

These opaque tokens should be treated as secret values.

import { internalStack } from '@internalstack/server'

const server = await internalStack(process.env.INTERNALSTACK_API_SECRET) // Do this ✅

// const server = await internalStack('live_psk_5b2d902f24a057349d9f2d1c385fef7c5947112') // Don't do this ❌

Using dynamic environment variables helps keep your keys secure

An application may have up to two live keys at any time. This allows for rotation without downtime.

Quickstart

Server

Authentication