Getting an API Key
1
Go to Settings
Navigate to Settings in the sidebar.
2
Select API Keys
Click the API Keys tab.
3
Create Key
Click Create API Key.
4
Name Your Key
Give your key a descriptive name (e.g., “Production Server”, “CI/CD Pipeline”).
5
Copy Key
Copy the key immediately. It won’t be shown again.
Using API Keys
Include your API key in theAuthorization header:
Key Types
| Prefix | Type | Description |
|---|---|---|
ck_live_ | Production | Full access to your organization |
ck_test_ | Test | For development and testing |
Key Permissions
API keys have the same permissions as the user who created them:- Owner/Admin keys: Full API access
- Member keys: Read-only access
Security Best Practices
-
Never commit keys to version control
-
Rotate keys regularly
- Create a new key
- Update your applications
- Delete the old key
-
Use separate keys per environment
- Production key for production
- Test key for development/staging
-
Limit key exposure
- Don’t share keys in Slack/email
- Use secrets management (AWS Secrets Manager, HashiCorp Vault)
Revoking Keys
To revoke an API key:- Go to Settings → API Keys
- Find the key
- Click Revoke
- Confirm revocation
Rate Limiting
Rate limits are per API key:X-RateLimit-Reset or the Retry-After seconds before retrying.