API Keys

API keys provide simple, long-lived authentication for server-to-server communication. Use API keys for automated scripts, background jobs, and integrations that don't require user interaction.

Creating API Keys

Key Generation

Create a new API key:

1. Navigate to Settings → API Keys
2. Click "Create API Key"
3. Enter a descriptive name (up to 128 characters)
4. Click "Create"
5. Copy and save your API key immediately

Key Permissions

API keys inherit permissions from your user account:

• User Permissions: Keys have the same permissions as your user account
• Role-Based Access: Permissions depend on your role (Owner, Admin, User)
• Organization Scope: Keys can only access data within your organization
• No Custom Permissions: Unlike API clients, keys cannot have custom scopes

Note: API keys provide full access to your account's data. Keep them secure and rotate them regularly.

Key Expiration

API keys can have expiration dates:

• No Expiration: Keys remain active indefinitely (default)
• Custom Expiration: Set a specific expiration date
• Automatic Expiration: Keys automatically become invalid after expiration
• Renewal: Create a new key before expiration

Set expiration dates for better security, especially for temporary integrations.

Key Security

Best practices for API key security:

• Never Share Keys: Keep API keys private and secure
• Use Environment Variables: Store keys in environment variables, not in code
• Rotate Regularly: Create new keys and delete old ones periodically
• Monitor Usage: Regularly review key usage for suspicious activity
• Delete Unused Keys: Remove keys that are no longer needed
• Use HTTPS: Always use HTTPS when making API requests

Security Warning: If an API key is compromised, delete it immediately and create a new one. Review your API access logs for any unauthorized usage.