Docs/Security/API Keys

API Keys

How API keys work for accessing the SkyKoi platform.

API keys provide programmatic access to the SkyKoi API. Each key is scoped to an organization and inherits the creating user's permissions.

Key Format

text

Production: sk_live_a1b2c3d4e5f6g7h8i9j0...
Development: sk_test_a1b2c3d4e5f6g7h8i9j0...

Creating Keys

•Navigate to Dashboard → Settings → API Keys
•Click Create New Key
•Give your key a descriptive name
•Copy the key immediately — it will only be shown once
•The key is SHA-256 hashed before storage

Security Best Practices

•Store keys in environment variables, never in code
•Use sk_test_* keys for development, sk_live_* for production
•Rotate keys every 90 days
•Revoke compromised keys immediately from the dashboard
•Use the principle of least privilege
•Monitor key usage in the dashboard analytics

Key Management

GET/api/settings

List all API keys for your organization

POST/api/settings

Create a new API key

DELETE/api/settings/:keyId

Revoke an API key

⚠️API keys are hashed before storage. If you lose a key, you'll need to create a new one. Multiple active keys are supported for zero-downtime rotation.

Previous← Security Model

NextBilling Overview →