Settings And Users
API Keys
How to create, review, and revoke API keys without losing track of what they are for.
What this page is for
This page explains how API keys are managed and how to treat them like real operational credentials.
When to use it
Use it when:
- you need programmatic access to the API
- you are rotating or revoking an existing integration key
- you want to understand what the API key list is telling you
How to use it
Generate a key
Create the key and give it a name that identifies the calling system clearly.
Copy the secret once
The full key is only shown at creation time, so copy it immediately and store it safely.
Review existing keys
Use the table to understand:
- what keys exist
- whether they are still used
- whether any have expired
Revoke when needed
Revoke keys that are no longer trusted or no longer required.
What to expect
Revocation is immediate. Treat it like a real operational change.
Common mistakes
- giving keys vague names that are useless later
- assuming the full secret can be recovered after creation
- leaving unused keys in place because “they are probably harmless”