Ory Talos
Ory Talos is an API key management service. It handles the full lifecycle of API credentials: issuing keys, verifying them on the data plane, deriving short-lived tokens (JWT and macaroon), and revoking access. Verification is sub-millisecond on a warm cache and stays under 5 ms p99 against a local SQL backend on commodity hardware.
Talos separates admin operations (issue, rotate, revoke, derive) from data-plane operations (verify, self-revoke) so you can scale and secure each path independently.
Choose your path
I want to integrate Talos into my application
You're a developer building an application that needs API key authentication. Start here:
- Quickstart — issue and verify your first API key in 5 minutes
- Integration guide — full API walkthrough for issuing, verifying, importing keys, and deriving tokens
- Error handling — error codes and retry strategies
I want to run Talos in production
You're a platform engineer responsible for deploying and operating Talos. Start here:
- Install — binary install or build from source
- Configure — configuration file, environment variables, and hot-reload behavior
- Deploy — Docker, Kubernetes, and split admin/data plane topologies
- Monitor — Prometheus metrics, OpenTelemetry tracing, and health endpoints
Editions
Ory Talos OSS (Apache 2.0) runs on a single node with a SQLite backend. It includes the full key lifecycle, token derivation, and the CLI.
Ory Talos Commercial adds multi-tenancy, PostgreSQL/MySQL/CockroachDB backends, distributed caching (Redis, in-memory), edge proxy nodes, and the admin UI. Pages that cover commercial-only features are marked with a "Commercial" badge.
Learn more
- Concepts — architecture, credential types, security model, and caching behavior
- API reference — full admin and data plane endpoint documentation
- CLI reference — command-line tool documentation
- Configuration reference — all configuration keys and their defaults
