> ## Documentation Index
> Fetch the complete documentation index at: https://docs.introw.io/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys & REST API

> Create scoped API keys, set permissions and expiry, and revoke keys in Introw - then build against the public REST API documented in the API Reference.

**Open in Introw:** [API Keys](https://app.introw.io/settings/developers/api-keys)

## How it works

You manage API keys on the API Keys page under Developers. Each key carries the permissions you grant
and an expiry you choose. The secret is shown only once when you create it, so you copy it then and
store it securely. Your code sends the key with each request to authenticate, and the API enforces the
key's permissions on every call.

The endpoints themselves, request and response shapes, authentication header, and code samples, live in
the API Reference. This page covers creating and managing keys; use the API Reference to build the calls.

## Prerequisites

* Developer settings permission on your role.
* API access enabled on your plan.

## Settings & configuration

API keys are managed at [API Keys](https://app.introw.io/settings/developers/api-keys).

### API keys

The page lists your keys with their name, a masked key, when they were created and by whom, expiry, last
used time, and permissions. Use **Create key** to make a new one.

### Create API key

When creating a key you set a **Name** to identify its use, choose **Permissions** as read or write per
resource group, and pick an **Expiry date**. Grant only what the integration needs. After creating, copy
the secret immediately, it is shown only once.

### Permissions

Permissions are grouped by resource, such as Partners and Commissions, with read and write options.
Portal sessions is a write permission used by portal embeds. Choose the minimum set the integration
requires.

### Revoke

Revoking a key from its row menu stops it working immediately. Use this if a key is no longer needed or
may be exposed.

## Setup walkthrough

<Steps>
  <Step title="Open API Keys">
    Go to [API Keys](https://app.introw.io/settings/developers/api-keys).
  </Step>

  <Step title="Create a key">
    Select Create key, name it, choose permissions, and set an expiry.
  </Step>

  <Step title="Copy the secret">
    Copy the key when shown; it will not appear again.
  </Step>

  <Step title="Build your calls">
    Use the API Reference for endpoints, the authentication header, and code samples.
  </Step>
</Steps>

## How-to guides

<CardGroup cols={2}>
  <Card title="Create and manage API keys" icon="book-open" href="/features/developer/api/guides/create-and-manage-api-keys">
    Create a scoped, time-limited API key, capture its one-time secret, and revoke it when it is no longer needed.
  </Card>
</CardGroup>

## Limits & gotchas

<Warning>
  API access is a paid add-on and must be enabled on your plan. The secret is shown only once at creation, so store it securely; if you lose it, create a new key. Grant the narrowest permissions and set an expiry so keys do not outlive their use.
</Warning>

## Troubleshooting

* **Requests are rejected** - confirm the key is active, not expired, and has the required permission.
* **The Create key control is unavailable** - API access may not be enabled on your plan.
* **You lost the secret** - secrets cannot be retrieved; create a new key and revoke the old one.

## API reference

<CardGroup cols={2}>
  <Card title="Authentication" icon="lock" href="/general/authentication">
    How to authenticate requests.
  </Card>

  <Card title="API reference" icon="code" href="/general/introduction">
    Endpoints and code.
  </Card>
</CardGroup>
