API keys: how they work

What is an API key?

An API key is a secret token (like a password) that proves a request is from you. We will never reveal anyone else's key, and we never display yours twice - so save it the moment you create one.

Each call you make using a key counts toward this account's monthly API usage shown on the API Keys tab.

Create your first key

In Settings -> API Keys, click + Create key. Give it a memorable name like "Production server" or "Zapier integration" so you can recognise it later.

When the key appears, copy it immediately. We store only a hashed version - if you lose it, you must revoke and create a new one.

Make your first request

Send the key as a Bearer token in the Authorization header:

curl -X POST https://api.example.com/v1/endpoint -H "Authorization: Bearer YOUR_API_KEY"

The same pattern works from any language - Node, Python, PHP, anything that can make HTTP requests.

Track and rotate

Every key shows its lifetime request count and the date it was last used, so you can spot keys that should be retired.

Hit Revoke to disable a key permanently. Anything still using it will start receiving 401 Unauthorized immediately.