Connect to WCS

There are two ways to connect to your Weaviate Cloud Services (WCS) instance:

Connect a browser to WCS through the WCS Console.
- The WCS console is a multi-purpose tool. Login to manage your clusters, users, and billing.
- The built-in Query console is useful to connect without a client application.
Connect a client application to WCS through APIs.
- For applications, use the WCS API and one of the client libraries to connect to WCS.

Browser authentication uses a username and password for authentication. The Weaviate clients use API keys to authenticate.

Connect with a browser

The WCS dashboard lets you monitor and control your Weaviate clusters from your browser. It also provides account management tools and a GraphQL query app.

To connect to WCS with a browser, follow these steps:

Open the WCS login page in a browser.
Click Login to Weaviate Cloud Services.
Enter your email address and password to authenticate.

Enable multi-factor authentication

Multi-factor authentication (MFA) increases the security of browser logins. To enable MFA, follow these steps.

Use your browser to connect to the WCS console.
Click the silhouette of a person in the sidebar

Click the 'Manage Two-Factor Authentication' button.
Enter your username and password to authenticate to WCS.
Open your authenticator application and scan the QR code.
Enter the code from your application in WCS to complete the setup.

After you configure MFA, WCS prompts you to supply the one-time authentication code each time you log in.

Enter MFA code

MFA and applications

If you use a JavaScript or TypeScript client to connect an application to Weaviate, do not enable MFA for that client's account. There is no way to pass the the one-time authentication code, so the application cannot connect to WCS. Use API keys to connect client applications to WCS.

Disable MFA

To disable MFA, contact support.

Connect with an API

By default, API keys are enabled for all WCS clusters. Managed clusters have an administrator key and a read-only key. Sandbox clusters only have an administrator key.

API keys

Retrieve your API keys

To retrieve your API keys, follow these steps:

Open the WCS console and find the panel for your cluster.
Click the Details button.

API key button

Click the API keys button.
Copy the key and store it in a safe location.

Authenticate a client application

The Weaviate server authenticates every request.

If you use a tool like cURL, add your API key to the request header.

If you use a Weaviate client library, pass the API key when you instantiate the client connection. After the connection is established, you do not have to pass the API key when you make requests.

Do not hard-code your API key in your client code. Consider passing the API key as an environment variable or using a similar secure coding technique.

export WEAVIATE_API_KEY="replaceThisPartWithYourAPIKey"

Use an API key to connect to WCS.

import weaviate
from weaviate.auth import AuthApiKey

# Connect to a WCS instance
client = weaviate.connect_to_wcs(
    cluster_url=weaviate_url,                    # `weaviate_url`: your Weaviate URL
    auth_credentials=AuthApiKey(weaviate_key),   # `weaviate_key`: your Weaviate API key
)

Use an API key with a custom connection.

import weaviate
from weaviate.auth import AuthApiKey

# Connect to a local Weaviate instance
client = weaviate.connect_to_custom(
    http_host="localhost",
    http_port=8080,
    http_secure=False,
    grpc_host="localhost",
    grpc_port=50051,
    grpc_secure=False,
    auth_credentials=AuthApiKey(weaviate_key),   # `weaviate_key`: your Weaviate API key
)

import weaviate
import os

# Instantiate the client with the auth config
client = weaviate.Client(
    url="https://WEAVIATE_INSTANCE_URL",  # Replace with your Weaviate endpoint
    auth_client_secret=weaviate.auth.AuthApiKey(api_key=weaviate_key),  # Replace with your Weaviate instance API key
)

import weaviate, { ApiKey } from 'weaviate-ts-client';

// Instantiate the client with the auth config
const client = weaviate.client({
  scheme: 'https',
  host: 'WEAVIATE_INSTANCE_URL',  // Replace WEAVIATE_INSTANCE_URL with your instance URL
  apiKey: new ApiKey(weaviateKey),
});

package main

import (
  "context"
  "fmt"
  "os"
  "github.com/weaviate/weaviate-go-client/v4/weaviate"
)

// Instantiate the client with the auth config
cfg := weaviate.Config{
  Host:"",  // Replace WEAVIATE_INSTANCE_URL with your instance URL
  Scheme: "http",
  AuthConfig: auth.ApiKey{Value: weaviateKey},
  Headers: nil,
}

client, err := weaviate.NewClient(cfg)
if err != nil{
  fmt.Println(err)
}

import io.weaviate.client.Config;
import io.weaviate.client.WeaviateAuthClient;

Config config = new Config("https", "WEAVIATE_INSTANCE_URL");
// Replace WEAVIATE_INSTANCE_URL with your instance URL
WeaviateClient client = WeaviateAuthClient.apiKey(config, weaviateKey);

# Replace WEAVIATE_INSTANCE_URL with your instance URL

curl https://WEAVIATE_INSTANCE_URL/v1/meta -H "Authorization: Bearer ${WEAVIATE_API_KEY}" | jq

Manage API keys

If you have a managed cluster, you can create and delete API keys.

There are two types of API key, ReadOnly and Admin.

Admin keys are read-write.
ReadOnly keys do not grant write access to the database.

Create an API key

If you have a managed cluster, you can create new API keys. New API keys are not available in Sandbox clusters.

WCS restarts the cluster when you add a new API key. If you have a stand-alone cluster, you will have a short downtime while the cluster restarts. There is no downtime if you have a high availability cluster.

To create a new API key, follow these steps:

Click the Details button.
Click the API keys button.
Click Add Key.

Add API key UI

Choose the key scope, read-only or admin.
Click Generate to create the key.

Delete an API key

If you have a managed cluster, you can delete API keys.

WCS restarts the cluster when you delete an API key. If you have a stand-alone cluster, you will have a short downtime while the cluster restarts. There is no downtime if you have a high availability cluster.

To delete an API key, follow these steps:

Click the Details button.
Click the API keys button.
Click the trash-can icon to delete the API key.

Add API key UI

Connect via the query app

The built in GraphQL query app connects to clusters in your organization without any additional authentication.

If you use the GraphQL query app to connect to a Weaviate instance that is not part of your organization, provide an API key for the remote instance.

To pass the API key, add it to the Headers at the bottom of the GraphQL query app.

API key in header

Troubleshooting

This section has solutions for some common problems. For additional help, contact support.

Reset your password

To reset your WCS password, follow these steps:

Go to the WCS login page.
Click on click the login button.
Click Forgot Password.
Check your email account for a password reset email from WCS.
Click the link and follow the instructions to reset your password. The link is only valid for five minutes.

Connection timeouts

The new Python client uses the gRPC protocol to connect to WCS. The gRPC protocol improves query performance, but the protocol is sensitive to network speeds. If you run into timeout errors, increase the connection timeout value in your connection code.

Python (v4)

from weaviate.classes.init import AdditionalConfig, Timeout
from weaviate.auth import AuthApiKey
import weaviate

# Set these environment variables
URL = os.getenv("WCS_URL")
APIKEY = os.getenv("WCS_API_KEY")

# Connect to a WCS instance
client = weaviate.connect_to_wcs(
    cluster_url=URL,
    auth_credentials=AuthApiKey(APIKEY),
    additional_config=AdditionalConfig(timeout=Timeout(init=10)),
)

# Check connection
client.is_ready()

Alternatively, leave the default timeout values, but skip the initial connection checks.

Python (v4)

import weaviate
from weaviate.auth import AuthApiKey

# Set these environment variables
URL = os.getenv("WCS_URL")
APIKEY = os.getenv("WCS_API_KEY")

# Connect to a WCS instance
client = weaviate.connect_to_wcs(
    cluster_url=URL,
    auth_credentials=AuthApiKey(APIKEY),
    skip_init_checks=True,
)

# Check connection
client.is_ready()

gRPC health check error

Problem: gRPC returns a health check error after you update a managed cluster.

weaviate.exceptions.WeaviateGRPCUnavailableError: gRPC health check could not be completed.

Solution: Verify the cluster URL is correct and update the URL if needed.

When a managed cluster is updated, the cluster URL may change slightly. WCS still routes the old URL, so some connections work, however the new gRPC and the old HTTP URLS are different so connections that require gRCP fail.

To check the URLs, open the WCS Console and check the details panel for your cluster. If you prefix Cluster URL with grpc-, the Cluster URL and the Cluster gRPC URL should match.

Compare URLs

Compare the Cluster URL with the connection URL in your application. The old URL and the new URL are similar, but the new one may have an extra subdomain such as .c0.region.

If the URLs are different, update your application's connection code to use the new Cluster URL.

More resources

To authenticate with a Weaviate client library, see the following:

Support

For questions and support, try the following resources:

Weaviate also offers paid support services. If you have a contract with Weaviate, contact your sales representative for details.

Connect with a browser​

Enable multi-factor authentication​

MFA and applications​

Disable MFA​

Connect with an API​

Retrieve your API keys​

Authenticate a client application​

Manage API keys​

Create an API key​

Delete an API key​

Connect via the query app​

Troubleshooting​

Reset your password​

Connection timeouts​

gRPC health check error​

More resources​

Support​