Itsy Docs
Settings

API Keys

Create and manage API keys for integrating external systems with your workspace.

External applications authenticate with your workspace's public API through API keys. Each key targets one environment and enforces a rate limit.

How It Works

To create an API key, name it, select an environment, and optionally set a rate limit and expiration date. Itsy generates a unique key and displays it once — copy it immediately. Only a hashed version is stored.

When an external application sends an API request, it includes the key in the request header. Itsy validates the key, identifies the workspace, and enforces the rate limit.

Key Concepts

API Key Properties

PropertyDescription
NameA label for the key's purpose (e.g., "Website Integration" or "CRM Sync")
EnvironmentThe API environment the key targets: Production, Preview, or Local Dev
Rate LimitMaximum requests per minute (default: 60, minimum: 1)
ExpirationOptional date when the key becomes invalid
StatusActive, Expired, or Revoked
Last UsedTimestamp of the most recent API call with this key

Environments

Each key targets one environment:

EnvironmentPurpose
ProductionLive API access for production integrations
PreviewStaging and testing for development
Local DevLocal development and debugging

Key Format

API keys follow the format itsy_{environment}_sk_{random}. The prefix appears in the key list for identification. The full key appears only once, at creation.

Key Security

  • The full key appears only once when created or rotated — copy it immediately
  • Only a cryptographic hash is stored in the database
  • The prefix is stored separately so you can identify each key
  • Revoke a compromised key instantly

Key Lifecycle

Common Tasks

Creating an API Key

  1. Navigate to Settings > API Keys
  2. Click Add
  3. Enter a name
  4. Select the environment (Production, Preview, or Local Dev)
  5. Set the rate limit per minute (default: 60)
  6. Optionally set an expiration date
  7. Click Save
  8. Copy the key immediately — it will not appear again

Rotating a Key

To replace a key without changing its configuration:

  1. Find the key in the list
  2. Click Rotate Key
  3. Confirm — Itsy revokes the old key immediately
  4. Itsy generates a new key with the same name, environment, and rate limit
  5. Copy the new key immediately

Revoking a Key

If a key is compromised or obsolete:

  1. Find the key in the list
  2. Click Revoke
  3. Confirm

Itsy deactivates the key immediately. Integrations using it lose access.

How It Connects

  • Workspace — Each API key belongs to one workspace and can access only that workspace's data.
  • Billing — API usage may count against your subscription plan's limits.

Payment Providers

Connect and configure your payment gateway for processing online payments.

Billing

View your subscription plan, track usage limits, manage payments, and upgrade your workspace.

On this page

How It WorksKey ConceptsAPI Key PropertiesEnvironmentsKey FormatKey SecurityKey LifecycleCommon TasksCreating an API KeyRotating a KeyRevoking a KeyHow It Connects