> ## Documentation Index
> Fetch the complete documentation index at: https://docs.craveup.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Generate a Storefront API Key

> Create an API token in the Crave dashboard and store it safely for your storefront project.

Every storefront uses a Crave API key to authenticate requests. Keys are organization-scoped, but every request still targets a concrete `locationId`, so keep them protected just like any other secret. Follow these steps in the Crave dashboard to generate one.

## Prerequisites

* Access to the Crave dashboard with the **Developer** role
* At least one location in your merchant account

## 1. Sign in to the dashboard

1. Open [craveup.com](https://craveup.com) – this is the public landing page.
2. Click **Log in** in the top-right corner (you’ll be sent to `craveup.com/login`).
3. Sign in with your merchant credentials to land on the dashboard.

## 2. Open the Developer section

Inside the dashboard header you’ll see a **Developers** button. Click it to open the “API Development” workspace. The first card on the page is **Step 1 – API Keys**; this is where you manage tokens.

## 3. Create a new key

1. Click **Generate Your First API Key** (or **Add Key** if you already have one).
2. Enter a friendly name (for example, “Storefront - staging”).
3. Submit the form. A modal appears with the full token **exactly once**.

> ⚠️ You can keep up to **three active keys** per organization. Delete unused tokens before adding more.

> 📎 Recommendation: create separate keys for development, staging, and production environments.

## 4. Store the key securely

Copy the token from the success dialog and add it to your storefront environment variables:

```env theme={null}
# Optional: override the API base URL (usually inferred from the API key).
# NEXT_PUBLIC_API_URL=https://api.craveup.com/api/v1
NEXT_PUBLIC_CRAVEUP_API_KEY=sk_live_xxx
```

Keep keys out of version control. If you deploy to Vercel, Netlify, or another host, place the key in their secret manager instead of committing `.env.local`.

The token dialog cannot be reopened later. If you close it without copying the value, delete the key and generate a new one.

## 5. Rotate or revoke keys when needed

Back on the **API Keys** card you’ll see each token with its prefix and last four characters. Use the trash icon to revoke a key instantly—deployments using that key must be updated with a new value.

Directly below the key table is **Step 2 – Location IDs**. Use the copy button beside each location to grab the `locationId` you’ll pass to the Storefront SDK or REST endpoints.

You are ready to connect your storefront. Continue with the [CLI quickstart](/getting-started/cli-quickstart) to scaffold the project, or jump straight to the [Storefront SDK guide](/getting-started/storefront-sdk) to integrate the API.
