Service Accounts
Non-human credentials for backend integrations.
Layers does not currently support dedicated service-account identities separate from partner API keys. For backend, CI/CD, and webhook-signer use cases, use an organization-scoped partner API key instead.
Creating a key for machine use
- Go to Org → Settings → API Keys.
- Click Create API key.
- Give it a descriptive name (e.g.
gh-actions-prod). - Copy the returned secret (shown once).
Partner API keys are organization-scoped, carry rate-limit tiers, and are auditable under the organization — they are the recommended "service identity" for now. See API Keys.
Recommended usage pattern
curl -H "Authorization: Bearer $LAYERS_API_KEY" \
https://api.layers.com/partner/v1/projectsRotation and revocation
Rotate via the Rotate button on the API keys page — this issues a new secret and invalidates the old one while keeping the key ID stable. Revoke with Revoke; revocation is immediate.
Audit
Every action taken by a partner API key is recorded in the partner audit log — see Audit log.