> ## Documentation Index
> Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Service Account

> Detail view for a service account showing its associated API keys with support for creating, rotating, and revoking keys.

Service account detail page at `/settings/api-access/:serviceAccountId` where platform administrators view a service account's API keys and manage key lifecycle operations.

## Overview

The Service Account detail page fetches a service account record from `pf_service_accounts` scoped to the current organization and `serviceAccountId` parameter. It lists the account's API keys via `useApiKeyList` in `ApiKeyTable`. The **Create Key** button opens `CreateApiKeyDialog`; on success the secret is displayed once in `ApiKeySecretDialog`. Keys can be rotated or revoked. The account status (`active`, `suspended`, `archived`) is shown as a badge. The breadcrumb is set dynamically to the account name. `pf.api_credentials.manage` governs write actions.

## Who it's for

**Required permission:** `pf.api_credentials.view` (route guard); `pf.api_credentials.manage` required for create/rotate/revoke actions.

## Before you start

* You must hold `pf.api_credentials.view` to access the page.
* `pf.api_credentials.manage` is required to create or revoke keys.
* Navigate to the API Access list (`/settings/api-access`) and click a service account to reach this page.

## Steps

1. From `/settings/api-access`, click a service account row.
2. Review the account status and existing API keys.
3. To create a new key, click **Create Key** and complete the dialog. **Save the secret immediately — it will not be shown again.**
4. To rotate a key, use the rotate action on the key row and save the new secret.
5. To revoke a key, use the revoke action on the key row and confirm.

## Key concepts

**Service account** — A non-human principal used to authenticate API integrations. Scoped to an organization.

**API key** — A credential associated with a service account. Each key has a visible ID and a secret shown only at creation.

**Key rotation** — Generates a new secret for a key. SME: confirm whether the old secret is immediately invalidated.

## Related

<Columns cols={2}>
  <Card title="Platform Foundation" icon="layer-group" href="/pf/overview">
    Platform Foundation overview.
  </Card>

  <Card title="Governance & parity" icon="scale-balanced" href="/governance/index" />
</Columns>

<Note>
  This page documents shipped product behavior. It is not medical, legal, or
  billing advice. Verify against your organization's policies and applicable
  regulations before using it for clinical, compliance, or billing decisions.
  Protected health information (PHI) shown in the product is governed by your
  tenant's access controls and is never exposed in this documentation.
</Note>

<Accordion title="Documentation sources">
  * src/routes/platform.tsx
  * src/platform/api-access/pages/ServiceAccountDetailPage.tsx
  * src/platform/api-access/hooks/useApiKeyList.ts
  * src/platform/api-access/components/CreateApiKeyDialog.tsx
  * src/platform/api-access/types.ts
</Accordion>
