Generating an API Key
Open the API Keys Panel
Log in to your workspace and navigate to Settings → API Keys in the left sidebar.
Name Your Key
Give the key a descriptive name that reflects its purpose — for example,
production-backend, ci-pipeline, or local-dev. A clear name makes it easier to audit and revoke specific keys later.Select Scopes
Choose the permission scopes this key should have. Applying the minimum scopes necessary reduces risk if the key is ever compromised. See the Key Scopes section below for a full breakdown.
Using Your API Key
Pass your API key in theAuthorization header using the Bearer scheme on every request. The examples below show the same request across three common tools.
- cURL
- Python
- JavaScript
YOUR_API_KEY with the key you copied from the dashboard. All API endpoints are served over HTTPS — plain HTTP requests are rejected.
Key Scopes
When generating an API key you select one or more scopes that define exactly what that key can do. Granting only the scopes your integration actually needs limits the blast radius of a compromised credential.| Scope | Access Granted |
|---|---|
read:all | Read access to all resources (users, projects, records, settings) across the workspace |
write:all | Create and update access to all non-administrative resources |
admin | Full access including team management, billing, and API key administration |
The
admin scope encompasses all read:all and write:all permissions, so you don’t need to stack scopes. Reserve admin keys for trusted internal systems and human operators.Security Best Practices
Authentication Errors
If your API requests return an error status, the table below explains the most likely cause and how to fix it.| Status Code | Error | Meaning | Fix |
|---|---|---|---|
401 | Unauthorized | The API key is missing, malformed, or has been revoked | Double-check the Authorization: Bearer ... header is present and the key is copied correctly with no whitespace |
403 | Forbidden | The key is valid but lacks the scope required for this endpoint | Open Settings → API Keys, edit the key, and add the necessary scope (e.g., write:all for POST/PATCH requests) |
429 | Too Many Requests | Your key has exceeded its rate limit for the current window | Back off and retry after the number of seconds indicated in the Retry-After response header; review the Rate Limits page for per-plan limits |