Managing API Keys
API keys let you access the API from your own scripts, integrations, or third-party tools. This guide walks you through creating, organizing, and revoking keys from your dashboard.
Navigate to API Keys
- Click the Settings icon in the bottom-left corner of your dashboard.
- Select the API Keys tab from the settings menu.
You'll see a list of your active and revoked keys, along with a button to generate new ones.
Generate a New Key
- Click Generate New Key in the top-right area.
- Optionally enter a name to help you identify the key later (e.g., "Production", "Staging", "Inventory Sync").
- Click Generate Key.
Your new API key will be displayed in a modal.
Your API key is only shown once at creation. Copy it immediately and store it in a secure location. If you lose it, you'll need to generate a new one.
Click the Copy button to copy the key to your clipboard, then click Done to close the modal.
Using Your API Key
Include your API key in the Authorization header of every request, prefixed with ApiKey:
curl https://api.example.com/api/v1/inbound \
  -H "Authorization: ApiKey {your-api-key}" \
  -H "X-Warehouse-Id: {warehouse_id}"
For full authentication details, see Overview & Authentication.
Key Limits
You can have up to 5 active API keys at a time. If you've reached the limit, you'll need to revoke an existing key before generating a new one.
Revoke a Key
If a key is compromised or no longer needed, you can revoke it:
- Find the key in your Active Keys list.
- Click Revoke next to the key.
- Confirm the revocation in the dialog.
Revoking a key is immediate and permanent. Any application or script using that key will lose access instantly, and a revoked key cannot be restored. Make sure you've updated any systems using the key before revoking it.
Revoked keys remain visible in a separate Revoked Keys section for reference, showing the date they were revoked.
Best Practices
- Name your keys by environment or purpose (e.g., "Production API", "Staging Tests", "Inventory Sync Script") so you can easily identify which key is used where.
- Store keys in environment variables — never hard-code API keys in your source code or commit them to version control.
- Rotate keys periodically — generate a new key, update your systems, then revoke the old one.
- Use separate keys for different applications or environments so you can revoke one without affecting others.
- Revoke unused keys — if a key is no longer in use, revoke it to reduce your attack surface.
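
The environment-variable practice applied to the curl request from "Using Your API Key", as an added example that is not part of the original guide or the product's own tooling. The variable names EXAMPLE_API_KEY and EXAMPLE_WAREHOUSE_ID and the function names are assumptions; headers are handed to curl on stdin so the key also stays out of the process argument list and shell history.

```shell
#!/usr/bin/env bash
# Added example. Assumed names: EXAMPLE_API_KEY, EXAMPLE_WAREHOUSE_ID,
# build_auth_headers, api_get. Endpoint and header names come from the guide.

API_BASE="https://api.example.com/api/v1"

# Print the two request headers, one per line. Fail without printing
# anything if a value is missing or could smuggle in an extra header.
build_auth_headers() {
    local key="${EXAMPLE_API_KEY:-}" wh="${EXAMPLE_WAREHOUSE_ID:-}"
    if [ -z "$key" ] || [ -z "$wh" ]; then
        echo "EXAMPLE_API_KEY and EXAMPLE_WAREHOUSE_ID must be set" >&2
        return 1
    fi
    case "$key$wh" in
        *[[:cntrl:]]*)
            # A newline or CR inside a value would inject a second header.
            echo "refusing header value containing control characters" >&2
            return 1 ;;
    esac
    printf 'Authorization: ApiKey %s\nX-Warehouse-Id: %s\n' "$key" "$wh"
}

# GET a path under API_BASE. Headers reach curl on stdin (-H @-, which
# requires curl 7.55.0 or later), so the key never appears in `ps` output.
api_get() {
    local headers
    headers="$(build_auth_headers)" || return 1
    printf '%s\n' "$headers" |
        curl --fail --silent --show-error -H @- "${API_BASE}/$1"
}

# Usage, after exporting both variables from a secret store or .env loader:
#   api_get inbound
```

Rotating a key then only means changing the value of EXAMPLE_API_KEY in the environment; the script itself never contains a key.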
