BETTER-AUTH. UI
Plugins

API Key

Add programmatic API key management with create, copy, and revoke flows to your authentication settings.

The API key plugin adds programmatic API key management to your authentication UI. Users can create, copy, and revoke API keys from a security card in account settings.

It contributes:

  • An <ApiKeys /> card to the security settings tab for user-owned keys
  • An <OrganizationApiKeys /> card to <OrganizationSettings /> for organization-owned keys (opt-in via apiKeyPlugin({ organization: true }); requires the organization plugin and a matching server-side API key config)

Setup

Install the Better Auth plugin

Install the @better-auth/api-key package and add it to your Better Auth server config:

lib/auth.ts
import { betterAuth } from "better-auth"
import { apiKey } from "@better-auth/api-key"

export const auth = betterAuth({
  // ...
  plugins: [
    apiKey() 
  ]
})

Install the matching client plugin

Add apiKeyClient() to your auth client so authClient.apiKey.* methods are available:

lib/auth-client.ts
import { createAuthClient } from "better-auth/react"
import { apiKeyClient } from "@better-auth/api-key/client"

export const authClient = createAuthClient({
  plugins: [apiKeyClient()] 
})

Register the UI plugin

Pass apiKeyPlugin() to <AuthProvider>:

components/providers.tsx
import { AuthProvider } from "@better-auth-ui/heroui"
import { apiKeyPlugin } from "@better-auth-ui/heroui/plugins"

import { authClient } from "@/lib/auth-client"

<AuthProvider
  authClient={authClient}
  plugins={[
    apiKeyPlugin() 
  ]}
>
  {children}
</AuthProvider>

Components

<ApiKeys />

API keys

The <ApiKeys /> security card is automatically rendered in <SecuritySettings /> when the plugin is registered. Pass organizationId to scope the list and create payload to an organization instead of the signed-in user.

Usage

import { ApiKeys } from "@better-auth-ui/heroui/plugins"

<ApiKeys />

Props

Prop

Type

<OrganizationApiKeys />

A thin wrapper around <ApiKeys /> that resolves the active organization via useActiveOrganization and forwards its id. Rendered inside <OrganizationSettings /> only when the plugin is registered with { organization: true }.

To enable, opt in on the UI plugin and add a matching API key configuration to your Better Auth server config. The plugin uses a fixed configId of "organization", so the server entry must be { configId: "organization", references: "organization" }:

components/providers.tsx
import { AuthProvider } from "@better-auth-ui/heroui"
import { apiKeyPlugin } from "@better-auth-ui/heroui/plugins"

import { authClient } from "@/lib/auth-client"

<AuthProvider
  authClient={authClient}
  plugins={[
    apiKeyPlugin({ organization: true }) 
  ]}
>
  {children}
</AuthProvider>
lib/auth.ts
import { betterAuth } from "better-auth"
import { apiKey } from "@better-auth/api-key"
import { organization } from "better-auth/plugins"

export const auth = betterAuth({
  // ...
  plugins: [
    organization(),
    apiKey([
      { configId: "default", references: "user" },
      { configId: "organization", references: "organization" } 
    ])
  ]
})

See the Better Auth docs for role-based permissions on organization-owned keys.

Usage

import { OrganizationApiKeys } from "@better-auth-ui/heroui/plugins"

<OrganizationApiKeys />

Props

Prop

Type

Options

Prop

Type

Localization

Prop

Type

Last updated on

Additional Fields

Render custom user fields on the sign-up form and user profile.

Captcha

Add bot protection to sign-up, sign-in, and password reset using a provider-agnostic captcha widget.

On this page

SetupInstall the Better Auth pluginInstall the matching client pluginRegister the UI pluginComponents<ApiKeys /><OrganizationApiKeys />OptionsLocalization