
Settings → Connections → API keys
Open the API keys screen and choose Create new API key.
Enter a clear key name.
Add an optional description to explain what the key is for.
Optionally set an expiration date in the future.
Select at least one scope for the key.
Create the key, then copy it right away and store it securely.
You can only view the full key once after creation.
Open the API keys list for your organisation.
Check each key’s name, description, and scope list.
Use the key hint to identify the right secret without exposing the full value.
Review last used time, last used IP, usage count, and expiration date.
Look for revoked keys and their revoke reason if one was provided.
The list shows up to 20 active keys.
Open the API keys list.
Find the key you want to retire.
Choose Revoke for that key.
Confirm the action if prompted.
Replace the old key in any integration that still uses it.
Revocation is immediate for that key.
Start with the smallest set of scopes your integration needs.
Add read scopes for lookups and write scopes only when the integration must change data.
Use delete scopes only for workflows that truly remove records.
If you are unsure which scope to grant, test with a narrower key first.
Public API, API keys and OAuth apps covers the broader authentication options.
You must select at least one scope before creating the key.
Check that you have an Owner or Admin role.
Make sure the name is filled in and not too long.
Remove an invalid expiration date and set a future date.
Select at least one scope before submitting.
Use a valid ISO 8601 date string.
Choose a date and time in the future.
Pick the date with the date picker instead of typing an incomplete value.
Copy the key immediately after creation.
Use the key hint to identify the saved secret later.
Create a new key and revoke the old one if the secret was lost.
Revoke an existing active key before creating a new one.
Remove keys you no longer use.
Keep only the keys needed for active integrations.
Check whether the key has been revoked.
Check whether the key has expired.
Replace the secret in the integration with the newest key value.