API Keys & Access Security

To ensure secure, reliable, and controlled access to our platform, all API interactions are authenticated using API keys. An API key uniquely identifies your application and authorizes it to interact with our services, providing a robust layer of protection for both your data and our infrastructure.

Creating and Managing API Keys

You can generate and manage API keys through the our Dashboard. Create, edit, rotate, or revoke keys directly from your account dashboard.

Each API key is independent and can be managed lifecycle-wise without impacting other integrations.

Fine-Grained Permissions

Every API key can be configured with specific feature-level permissions. This allows you to precisely control which parts of the system a given key can access.

For example, you may issue:

• A read-only key for reporting or analytics
• A restricted key for a single product or feature
• A full-access key for trusted backend services

This principle of least privilege helps minimize risk while maximizing operational flexibility.

IP Address Restrictions

To further strengthen security, API keys can now be restricted to a defined set of IP addresses.

When creating or editing an API key, you may optionally configure an IP allowlist:

• Only requests originating from the specified IP addresses or CIDR ranges will be accepted.
• Requests from any other IP will be automatically rejected, even if the API key is valid.

This feature is particularly useful for:

• Backend services running from fixed infrastructure
• Preventing key misuse in case of accidental exposure
• Enforcing network-level security policies

IP restrictions can be updated at any time without regenerating the key.

Using an API Key

To authenticate a request, include your API key in the request headers:

X-API-KEY: <your-api-key>

No additional authentication steps are required.