Skip to main content
Open in Introw: API Keys

How it works

You manage API keys on the API Keys page under Developers. Each key carries the permissions you grant and an expiry you choose. The secret is shown only once when you create it, so you copy it then and store it securely. Your code sends the key with each request to authenticate, and the API enforces the key’s permissions on every call. The endpoints themselves, request and response shapes, authentication header, and code samples, live in the API Reference. This page covers creating and managing keys; use the API Reference to build the calls.

Prerequisites

  • Developer settings permission on your role.
  • API access enabled on your plan.

Settings & configuration

API keys are managed at API Keys.

API keys

The page lists your keys with their name, a masked key, when they were created and by whom, expiry, last used time, and permissions. Use Create key to make a new one.

Create API key

When creating a key you set a Name to identify its use, choose Permissions as read or write per resource group, and pick an Expiry date. Grant only what the integration needs. After creating, copy the secret immediately, it is shown only once.

Permissions

Permissions are grouped by resource, such as Partners and Commissions, with read and write options. Portal sessions is a write permission used by portal embeds. Choose the minimum set the integration requires.

Revoke

Revoking a key from its row menu stops it working immediately. Use this if a key is no longer needed or may be exposed.

Setup walkthrough

1

Open API Keys

Go to API Keys.
2

Create a key

Select Create key, name it, choose permissions, and set an expiry.
3

Copy the secret

Copy the key when shown; it will not appear again.
4

Build your calls

Use the API Reference for endpoints, the authentication header, and code samples.

How-to guides

Create and manage API keys

Create a scoped, time-limited API key, capture its one-time secret, and revoke it when it is no longer needed.

Limits & gotchas

API access is a paid add-on and must be enabled on your plan. The secret is shown only once at creation, so store it securely; if you lose it, create a new key. Grant the narrowest permissions and set an expiry so keys do not outlive their use.

Troubleshooting

  • Requests are rejected - confirm the key is active, not expired, and has the required permission.
  • The Create key control is unavailable - API access may not be enabled on your plan.
  • You lost the secret - secrets cannot be retrieved; create a new key and revoke the old one.

API reference

Authentication

How to authenticate requests.

API reference

Endpoints and code.