Arc en Ciel help

API keys and Discord upload links

Create keys, understand scopes, rotate secrets, and use Discord upload links without leaking credentials.

Before you start

  • A signed-in account.
  • A clear reason for automation or Discord upload linking.

Quick answer

  • Create a key only when a real tool needs it, and give it the smallest access that works.
  • Copy secrets once, store them outside public posts or screenshots, and delete old keys when you stop using a tool.
  • Discord upload links are temporary account-link grants, not general API keys.

The credential rule

API keys and upload links can connect tools to your account. Create them for a specific tool, keep the access small, keep them out of public content, and delete them when you are done.

Arc en Ciel settings integrations area with Civitai and API key controls.
Settings integrations - Settings keeps Civitai credentials, API keys, and automation controls in one account-scoped area.
Anonymized Discord-style example of Arc en Ciel upload bot commands and responses.
Discord upload flows are credential-adjacent - The bot can connect Discord-side actions to Arc account identity, so link flows and upload grants should be treated as private account controls.
Credential types
Type Use Risk
API key Automation, local tools, or developer clients. Can be abused until revoked if leaked.
Arc en Ciel Link access key Local Stable Diffusion integration. Can expose account-linked local workflow access.
Discord upload link Connect Discord-side upload workflows such as /link-account, context uploads, and reaction uploads to account identity. Wrong account or shared link can confuse ownership.
Civitai credential Import/export/sync. External account access and remote data changes.
  1. Open Settings and find the integration or API key area.
  2. Name the key after the tool and machine so you can identify it later.
  3. Choose the smallest scope that works.
  4. Copy the secret once into the target tool.
  5. Verify the integration works, then close the secret view.
  6. Rotate or delete keys after leaks, device changes, tool removal, or staff request.

Discord upload links are not general-purpose API keys. They are short-lived verification or grant flows that let the bot connect a Discord-side action to the right Arc en Ciel account. Use /link-account to create a fresh link when the bot asks for one, verify the browser session carefully, and use /arc link-status to confirm the active upload grant.

Discord credential hygiene

  • Treat link URLs as private - A one-time link can still attach the wrong workflow if posted in a shared channel.
  • Check status after linking - Use /arc link-status before assuming uploads will land under your account.
  • Revoke stale grants - Use /arc unlink-upload when changing accounts, devices, or guild context.
  • Do not paste access keys into Discord - Use the website settings UI for keys and rotate anything that appears in chat.

Never expose these in screenshots

  • API keys and access keys - Even partial keys can help attackers identify targets.
  • Session cookies or Civitai tokens - Treat browser/session material as account access.
  • Private Discord upload links - They can bind the wrong action or account.
  • Local file paths with usernames - Paths can reveal machine names or personal info.

Open Settings

Related links