API Keys

API keys let you access Cleotic programmatically as an alternative to browser-based authentication. They're useful for integrations, automation, and building custom workflows on top of Cleotic data.

How API keys work

Instead of signing in through the browser and using a session token, you can authenticate API requests by including an API key in the X-API-Key header:

X-API-Key: your-api-key-here

API keys are scoped to your organisation -- any request made with the key has access to all projects and data in your organisation, just like signing in through the browser.

Creating an API key

1. Go to Settings and click API Keys
2. Click Create API Key
3. Enter a descriptive name for the key (e.g., "CI Integration", "Reporting Script")
4. Click Create

The full API key is displayed once. Copy it immediately and store it securely. You won't be able to see the full key again after closing the dialog.

After creation, only the key's prefix (first few characters) is shown in the list, along with:

• Name -- The label you gave it
• Created date -- When the key was created
• Last used -- When the key was last used to make an API request

Deleting an API key

If a key is compromised or no longer needed:

1. Find the key in the API Keys list
2. Click Delete
3. Confirm the deletion

Deletion is immediate. Any integrations using the key will stop working.

Tips

• Use descriptive names. Name keys after their purpose ("Zapier Integration", "Monthly Report Script") so you know what each one is used for.
• Rotate keys periodically. Create a new key, update your integrations, then delete the old one.
• Don't share keys. Each team member or integration should have its own key. This makes it easy to revoke access for a specific integration without affecting others.
• Store keys securely. Use environment variables or a secrets manager. Never commit API keys to source control.

Related

• Plans and usage -- Your plan and resource limits
• Profile and organisation -- Account settings