Linear API Keys

Linear personal API keys let your workflows authenticate without an OAuth consent flow. A key gives full parity with the Linear API — everything Sim's Linear blocks can do over OAuth works with a key.

Keys are bound to the user who creates them: every action a workflow takes is attributed to that user, and the key stops working if the user is deactivated or leaves the workspace. For production workflows, create the key from a dedicated service user (e.g. sim-bot@yourcompany.com) rather than a personal account.

Prerequisites

A Linear account that is allowed to create API keys. Workspace admins can disable API-key creation for members (SettingsAdministrationAPIMember API keys) — if the option is missing for you, ask an admin, or have an admin create the key (the restriction doesn't apply to admins).

Creating the API Key

Log in as the service user, open Linear Settings, and go to Security & accessPersonal API keys

Click New API key and give it a label (e.g. Sim Integration)

Choose the key's permissions. For full parity with Sim's Linear blocks, create it with full access — or, if you restrict it, grant at least Read and Write with no team restriction. A key limited to specific teams will fail on issues and projects outside those teams

Copy the key — it starts with lin_api_ — and store it somewhere safe.

The API key carries the creating user's full access to your Linear workspace. Treat it like a password — do not commit it to source control or share it publicly. Sim encrypts the key at rest.

Adding the API Key to Sim

Open your workspace Settings and go to the Integrations tab

Search for "Linear Service Account" and click it, then click Add to Sim and choose Add API key

Paste the API key (lin_api_...) and optionally set a display name and description

Click Add API key. Sim verifies the key by querying Linear's viewer — if it fails, you'll see a specific error explaining what went wrong.

A key created with permission restrictions that block reading the viewer (the key's own user) is rejected at connect time. Create the key with full access, or at minimum Read + Write, so it validates and every block works.

The key is encrypted before being stored.

Using the Service Account in Workflows

Add a Linear block to your workflow. In the credential dropdown, your Linear service account appears alongside any OAuth credentials. Select it and configure the block as you normally would.

The block calls Linear's GraphQL API (api.linear.app/graphql) with the key. Everything the workflow does — creating issues, adding comments, updating projects — is attributed to the user who created the key.

Common Questions

Not for API keys — every key is tied to a user. The closest equivalent is creating a dedicated service user in your workspace and generating the key from that account, so workflows aren't attributed to (or broken by) a real person's account.
No — keys are long-lived and don't auto-rotate. They stay valid until deleted, or until the user who created them is deactivated or removed from the workspace.
Keys are user-bound, so deactivating the user kills the key and every workflow using it starts failing with authentication errors. This is exactly why production keys should come from a dedicated service user.
The key was created with restricted permissions — for example, Read only, or limited to specific teams. Validation checks that the key is alive and can read its own user, but write failures surface at run time. Create a new key with Read + Write and no team restriction, then update the credential in Sim.
No. Linear has a single API host and the key itself identifies the workspace — the key is all the credential needs.
Create a new key from the same service user in Linear, update the credential in Sim with the new key, and once it's working, delete the old one.

On this page