Steps to Generate System Token via API in Self-Hosted Phoenix

Amith · 2025-11-11T08:53:20.527Z

Hello, what are the steps to generate a system token using an API call to my self hosted Phoenix instance using the phoenix secret or phoenix admin secret?

Steps to Generate System Token via API in Self-Hosted Phoenix | Arize AI Community

4 comments

· Sorted by Oldest

RunLLM
APP
·
·
To generate a system token (system API key) programmatically, set the PHOENIX_ADMIN_SECRET environment variable at deploy time. This secret acts as a bearer token for authenticating API requests as the first system user. Use it in the Authorization header to call Phoenix's API endpoints and provision system keys without manual UI interaction. The secret must be at least 32 characters, include a digit and a lowercase letter, and differ from PHOENIX_SECRET—it is set via the environment, not generated by an API call itself.After deployment, use the PHOENIX_ADMIN_SECRET as a bearer token in the Authorization header to authenticate API requests (e.g., to create a system API key via the REST or GraphQL API). For example, send a request with Authorization: Bearer <PHOENIX_ADMIN_SECRET> to the appropriate endpoint. Once a system key is created, use that key for further automation and remove the admin secret from your deployment for security. There is no direct API to generate the admin secret itself; it must be set as an environment variable before starting Phoenix. For details, see the official provisioning and API key documentation.Would you like more detail, such as example API calls or code snippets?Sources: - Provisioning | Arize Phoenix
💡 Hint: Mention RunLLM in the thread for followups.
Amith
·
·
RunLLM Can you show me an example code (API call) to generate a system token, authenticated using admin secret?
RunLLM
APP
·
·
You can generate a system API key by sending an authenticated API request using the PHOENIX_ADMIN_SECRET as a bearer token in the Authorization header. For example, using the GraphQL API, you can POST a mutation to your Phoenix server: LBKSimport requestsLBKSPHOENIX_URL = "http://<your-phoenix-host> :6006/graphql" ADMIN_SECRET = "<your-phoenix-admin-secret> "LBKSheaders = { "Authorization": f"Bearer {ADMIN_SECRET}", "Content-Type": "application/json" }LBKSpayload = { "query": """ mutation { createSystemApiKey(input: { name: "system-api-key"}) { jwt apiKey { name description createdAt expiresAt } } } """ }LBKSresponse = requests.post(PHOENIX_URL, json=payload, headers=headers) print(response.json())LBKSThis will return a new system API key in the response. Replace <your-phoenix-host> and <your-phoenix-admin-secret> with your actual values.Would you like more detail on the response or how to use the generated key?Sources: - feat(auth): create system key (GitHub PR)
💡 Hint: Mention RunLLM in the thread for followups.
Srilakshmi
External
·
·
Hi Amith! I think the bot answered your question correctly. Please let us know if there is anything else we can assist you with!

RunLLM
APP
·
·
To generate a system token (system API key) programmatically, set the PHOENIX_ADMIN_SECRET environment variable at deploy time. This secret acts as a bearer token for authenticating API requests as the first system user. Use it in the Authorization header to call Phoenix's API endpoints and provision system keys without manual UI interaction. The secret must be at least 32 characters, include a digit and a lowercase letter, and differ from PHOENIX_SECRET—it is set via the environment, not generated by an API call itself.After deployment, use the PHOENIX_ADMIN_SECRET as a bearer token in the Authorization header to authenticate API requests (e.g., to create a system API key via the REST or GraphQL API). For example, send a request with Authorization: Bearer <PHOENIX_ADMIN_SECRET> to the appropriate endpoint. Once a system key is created, use that key for further automation and remove the admin secret from your deployment for security. There is no direct API to generate the admin secret itself; it must be set as an environment variable before starting Phoenix. For details, see the official provisioning and API key documentation.Would you like more detail, such as example API calls or code snippets?Sources: - Provisioning | Arize Phoenix
💡 Hint: Mention RunLLM in the thread for followups.
Amith
·
·
RunLLM Can you show me an example code (API call) to generate a system token, authenticated using admin secret?
RunLLM
APP
·
·
You can generate a system API key by sending an authenticated API request using the PHOENIX_ADMIN_SECRET as a bearer token in the Authorization header. For example, using the GraphQL API, you can POST a mutation to your Phoenix server: LBKSimport requestsLBKSPHOENIX_URL = "http://<your-phoenix-host> :6006/graphql" ADMIN_SECRET = "<your-phoenix-admin-secret> "LBKSheaders = { "Authorization": f"Bearer {ADMIN_SECRET}", "Content-Type": "application/json" }LBKSpayload = { "query": """ mutation { createSystemApiKey(input: { name: "system-api-key"}) { jwt apiKey { name description createdAt expiresAt } } } """ }LBKSresponse = requests.post(PHOENIX_URL, json=payload, headers=headers) print(response.json())LBKSThis will return a new system API key in the response. Replace <your-phoenix-host> and <your-phoenix-admin-secret> with your actual values.Would you like more detail on the response or how to use the generated key?Sources: - feat(auth): create system key (GitHub PR)
💡 Hint: Mention RunLLM in the thread for followups.
Srilakshmi
External
·
·
Hi Amith! I think the bot answered your question correctly. Please let us know if there is anything else we can assist you with!