An API key and an access token serve different purposes in the context of Ory. API Key: API keys are used to authorize privileged operations, such as calling the Admin API to delete users. They are created in the Ory Console and work only in the context of the project for which they were created. To use an API key, include it in the

Authorization

header of your API calls, SDK calls, or command-line interactions ([source](https://www.ory.sh/docs/concepts/personal-access-token)). Access Token: Access tokens are short-lived tokens that grant access to resources for a limited time. They are used in OAuth2 flows to access protected resources on behalf of the user. Access tokens can be used to find out which user ("subject") is performing an action in a resource provider, but they should not be used for logging people in ([source](https://www.ory.sh/docs/hydra/faq)). In summary, API keys are used for authorizing privileged operations, while access tokens are used for granting access to resources in OAuth2 flows.