| icon | user-gear |
|---|---|
| description | Manage your Spice.ai account, API keys, organizations, and billing. |
Spice.ai Cloud uses GitHub for authentication. To create an account:
- Go to spice.ai.
- Click Sign in with GitHub and authorize the Spice.ai GitHub App.
- A personal organization is created automatically for you.
See the full Getting Started guide for a step-by-step walkthrough.
Each Spice.ai app has two API keys that authenticate requests to the data and AI APIs.
Navigate to your app in the Portal → Settings → API Keys.
| API | Authentication |
|---|---|
| SQL HTTP API | X-API-Key header |
| Arrow Flight API | Password in handshake |
| LLM API | X-API-Key header |
| Search API | X-API-Key header |
| SDKs | Client configuration |
Each app has two keys to support zero-downtime rotation:
- Regenerate Key 2 (while clients use Key 1).
- Update all clients to use Key 2.
- Regenerate Key 1.
{% hint style="warning" %} Regenerating a key immediately invalidates the old key. Ensure all clients are updated before regenerating. {% endhint %}
API keys can also be managed via the Management API.
The Management API uses personal access tokens (not app API keys) for authentication. Generate tokens in the Portal under Profile → Personal Access Tokens.
Organizations are the primary unit for managing teams, apps, billing, and access.
Every user automatically receives a personal organization on signup. This is a single-member org tied to your account.
Team organizations allow multiple members to collaborate on shared apps. To create one:
- In the Portal, go to Organizations → Create Organization.
- Connect a GitHub organization to link team membership.
Organization admins can add members by:
- Spice username
- GitHub username (requires the user to have a public email on their GitHub profile)
- Email invitation
To remove a member, go to your organization's Settings → Members.
See Organizations for full details.
The free Community Plan includes:
- One app per organization.
- Access to all building blocks (data connectors, AI gateway, search, etc.).
- Auto-pause: Apps without API requests for 7 days are automatically paused. Paused apps can be restored anytime in the Portal.
Paid plans provide:
- Higher request and query limits.
- No auto-pause.
- Service-level guarantees.
- Priority support with SLA.
- SOC 2 Type II report access.
See Pricing for current plan details.
App secrets store sensitive configuration values (API keys for data sources, model provider credentials, etc.).
- Secrets are app-scoped and encrypted.
- Values are write-only — they cannot be retrieved after saving.
- To change a value: delete the secret and recreate it.
- Secret changes require a new deployment to take effect.
- Reference secrets in your Spicepod with:
${secrets:SECRET_NAME}.
See Secrets for details.
Spice.ai Cloud is SOC 2 Type II compliant. Key security measures include:
- Authentication and authorization with RBAC.
- MFA enforcement.
- Encryption in transit (TLS 1.2+) and at rest.
- Auditable access logs.
- Secure code scanning and third-party audits.
See Security for the full security overview. Enterprise plan customers can request the SOC 2 report.