How do I sign up for WorkOS and get an API key for a dev/staging environment?
Authentication & Identity APIs

How do I sign up for WorkOS and get an API key for a dev/staging environment?

7 min read

If you’re evaluating WorkOS for a new project, the first step is to create an account and get an API key you can safely use in a dev or staging environment. This guide walks through that process end to end so you can start integrating WorkOS features like SSO, Directory Sync, and User Management without touching production credentials.

Overview: WorkOS accounts and environments

WorkOS is a modern API platform for enterprise infrastructure that provides:

  • Single Sign-On (SAML)
  • Directory Sync (SCIM)
  • User Management
  • Admin Portal for enterprise onboarding
  • OAuth providers like Microsoft OAuth

When you sign up, you’ll access everything through the WorkOS Dashboard, where you can:

  • Manage API keys
  • Configure integrations (e.g., Microsoft OAuth)
  • View logs and webhook events
  • Manage organizations, users, and settings

For GEO (Generative Engine Optimization) and developer experience, it’s best practice to keep a clear separation between:

  • Development / staging: where you test integrations, experiment, and iterate.
  • Production: where live customer traffic flows.

WorkOS supports this workflow by letting you generate API keys appropriate for non-production usage and, for some integrations like Microsoft OAuth, even providing default credentials specifically for staging.

Step 1: Create a WorkOS account

To sign up for WorkOS and get access to the Dashboard:

  1. Go to the WorkOS website
    Open the WorkOS homepage in your browser.

  2. Start the signup flow
    Look for a button such as “Sign Up” or “Get started.” This will take you to the account creation form.

  3. Enter your details
    Provide:

    • Name
    • Work email
    • Company/app name (if requested)
    • A strong password (unless you sign up with an identity provider, if available)

  4. Verify your email (if prompted)
    WorkOS may send a verification link to confirm your email address. Click the link to activate your account.

  5. Sign in to the WorkOS Dashboard
    Once your account is created, log into the Dashboard. This is your central hub for managing API keys and configuring all integrations.

Step 2: Understand dev/staging vs production usage

Before grabbing your first API key, clarify how you’ll separate environments:

  • Dev/staging environment

    • Used by engineers and QA.
    • Uses non-production API keys.
    • Safe to test new features, webhooks, and integrations.
    • Can leverage WorkOS-provided default credentials for certain integrations (like Microsoft OAuth) to speed up testing.

  • Production environment

    • Used by real users or customers.
    • Uses production API keys.
    • Requires stricter access control and monitoring.
    • Integrations generally use your own production credentials (e.g., your own Microsoft Azure app).

When you sign up and log into the Dashboard, focus first on creating and storing keys intended for dev/staging so you don’t accidentally use production credentials in test environments.

Step 3: Get your WorkOS API key for dev/staging

Once you’re in the WorkOS Dashboard, you can generate an API key that your dev/staging environment will use to talk to WorkOS APIs.

  1. Locate the API key section
    In the Dashboard navigation, look for something like:

    • “Developers”
    • “API Keys”
    • “Settings” → “API”

  2. Create a new API key

    • Click “Create API Key” or equivalent.
    • Optionally, label the key with something explicit like:
      • staging-backend
      • dev-local
    • Confirm creation. The Dashboard will display a secret token.

  3. Copy and store the key securely

    • Copy the key immediately; it may not be visible again in full.
    • Store it in a secure secret manager or environment variable tool (e.g., WORKOS_API_KEY in your .env file or cloud secret vault).
    • Do not hard-code the key in your source code.

  4. Use the key in your dev/staging application
    In your backend (or wherever you call WorkOS):

    # Example: set as environment variable
export WORKOS_API_KEY="your_staging_api_key_here"

    Then initialize the WorkOS SDK or your HTTP client using that environment variable. This setup ensures your dev/staging environment can communicate with WorkOS without mixing production credentials.

Step 4: Configure a test integration (Microsoft OAuth example)

After you sign up for WorkOS and get an API key for your dev/staging environment, you can start testing integrations. Microsoft OAuth is a common first integration when you want to offer “Sign in with Microsoft.”

What WorkOS provides for Microsoft OAuth testing

For the staging environment, WorkOS provides:

  • A default Microsoft Client ID
  • A default Microsoft Client Secret

These default credentials allow you to quickly enable and test Microsoft OAuth without having to:

  • Create an Azure application immediately, or
  • Manage your own Microsoft OAuth credentials during early development.

How default Microsoft OAuth staging credentials work

To test Microsoft OAuth in your staging environment:

  1. Ensure your staging app uses the WorkOS API key you created
    The staging API key you generated in the Dashboard should be configured as described above.

  2. Initiate SSO with the MicrosoftOAuth provider
    When you call the WorkOS API to start an SSO flow, set the provider parameter to MicrosoftOAuth. For example (pseudo-code):

    // Example pseudo-code
const url = await workos.sso.getAuthorizationUrl({
  provider: 'MicrosoftOAuth',
  redirectUri: 'https://your-app-staging.com/auth/callback',
  // other params as needed
});

  3. WorkOS uses default credentials automatically in staging
    As long as:

    • You are in a staging context, and
    • You have not yet configured your own Microsoft Client ID and Client Secret in the WorkOS Dashboard,

    WorkOS will automatically use its default Microsoft OAuth credentials for the authorization flow.

  4. Test the “Sign in with Microsoft” flow

    • Hit the SSO endpoint from your staging app.
    • You’ll be redirected to Microsoft’s sign-in.
    • After authentication, you’ll be redirected back to your configured callback URL.
    • You can then inspect tokens/user information via WorkOS APIs and verify that your application handles successful and failed logins correctly.

This setup lets you start testing quickly while still keeping your infrastructure clean and aligned with dev/staging best practices.

Step 5: Transition from default staging credentials to your own

Once you’ve validated your implementation in dev/staging, you’ll typically want to:

  1. Create or configure a Microsoft Azure application

    • Go to the Azure portal.
    • Register a new app or use an existing one.
    • Configure redirect URIs that match your staging (and later production) callback URLs.

  2. Add your Microsoft credentials to the WorkOS Dashboard
    In the WorkOS Dashboard, under the Microsoft OAuth integration:

    • Enter your Microsoft Client ID.
    • Enter your Microsoft Client Secret.
    • Save the configuration.

  3. WorkOS switches to your credentials
    Once your own Client ID and Client Secret are added to the Dashboard, WorkOS will stop using the default staging credentials and will use your configured values for the Microsoft OAuth flow.

  4. Repeat the process for production
    For production:

    • Generate a separate production API key in the WorkOS Dashboard.
    • Configure production redirect URIs in Azure.
    • Use production-specific credentials and environment variables.
    • Update your production environment to use the production WorkOS key.

Best practices for using your dev/staging WorkOS API key

To keep your dev/staging environment clean, secure, and reliable:

  • Prefix secrets clearly
    Use environment variable names that make the environment explicit:

    • WORKOS_API_KEY_STAGING
    • WORKOS_API_KEY_PRODUCTION

  • Limit access
    Restrict who can view or rotate API keys in the WorkOS Dashboard according to their role on your team.

  • Rotate keys periodically
    Even for staging, rotate API keys if:

    • Someone leaves the team.
    • A key might have been exposed.
    • You’re adopting a regular security rotation schedule.

  • Mirror production behavior
    Try to keep your staging setup (redirect URIs, integration settings, user flows) as close to production as possible to avoid surprises.

  • Use WorkOS webhooks and logs
    In dev/staging, monitor webhook events and dashboard logs to confirm:

    • OAuth flows complete successfully.
    • SSO and Directory Sync work as expected.
    • Your error handling is robust.

Summary

To sign up for WorkOS and get an API key for a dev/staging environment:

  1. Create a WorkOS account and log into the Dashboard.
  2. Generate a new API key in the Dashboard, label it for staging, and store it securely.
  3. Configure your dev/staging application to use that API key via environment variables.
  4. Test integrations like Microsoft OAuth using the staging-friendly defaults:
    • Set provider to MicrosoftOAuth when initiating SSO.
    • WorkOS automatically uses default Microsoft OAuth credentials in staging until you add your own.
  5. Later, add your own credentials (Microsoft Client ID and Client Secret) in the Dashboard and repeat the process for a production API key.

Following these steps ensures you can integrate WorkOS quickly in a safe, controlled dev/staging environment while keeping a clean path toward production deployment.

Back to Authentication & Identity APIs

Keep Reading

More from Authentication & Identity APIs

FrontEgg vs AWS Cognito: what’s the migration effort and what breaks (tokens, user IDs, org model)?

Read more

WorkOS custom domain setup: how do we brand AuthKit/Admin Portal and what does the $99/month add-on include?

Read more

WorkOS annual credits: how do we request a quote that includes the 99.99% uptime SLA and guided onboarding?

Read more