How it works
You manage API keys on the API Keys page under Developers. Each key carries the permissions you grant and an expiry you choose. The secret is shown only once when you create it, so you copy it then and store it securely. Your code sends the key with each request to authenticate, and the API enforces the key’s permissions on every call. The endpoints themselves, request and response shapes, authentication header, and code samples, live in the API Reference. This page covers creating and managing keys; use the API Reference to build the calls.Prerequisites
- Developer settings permission on your role.
- API access enabled on your plan.
Settings & configuration
API keys are managed at API Keys.API keys
The page lists your keys with their name, a masked key, when they were created and by whom, expiry, last used time, and permissions. Use Create key to make a new one.Create API key
When creating a key you set a Name to identify its use, choose Permissions as read or write per resource group, and pick an Expiry date. Grant only what the integration needs. After creating, copy the secret immediately, it is shown only once.Permissions
Permissions are grouped by resource, such as Partners and Commissions, with read and write options. Portal sessions is a write permission used by portal embeds. Choose the minimum set the integration requires.Revoke
Revoking a key from its row menu stops it working immediately. Use this if a key is no longer needed or may be exposed.Setup walkthrough
Open API Keys
Go to API Keys.
How-to guides
Create and manage API keys
Create a scoped, time-limited API key, capture its one-time secret, and revoke it when it is no longer needed.
Limits & gotchas
Troubleshooting
- Requests are rejected - confirm the key is active, not expired, and has the required permission.
- The Create key control is unavailable - API access may not be enabled on your plan.
- You lost the secret - secrets cannot be retrieved; create a new key and revoke the old one.
API reference
Authentication
How to authenticate requests.
API reference
Endpoints and code.