Developer platform & API

Create and scope an API key

Mint keys with per-resource permissions, capped by your own role.

3 min read · Updated June 28, 2026


API keys let your own tools talk to Stoatify. Every key is bound to one organization and capped by your own role, so a key can only ever do what you can, and you scope each key to exactly the resources and actions it needs.

  1. 1Open Settings → Developer and choose New API key.
  2. 2Grant per-resource permissions (view, add, change, delete) on each object type.
  3. 3Name the key and create it, then copy the secret now, it's shown only once.
  4. 4Use it as a bearer token: Authorization: Bearer sk_....
  • Keys are stored hashed, and never bypass your access controls, restrictions still apply.
  • A key shrinks with your role: if you lose a permission later, keys you made lose it too.
  • Rotate or revoke a key any time.
  • Key management is session-only: for safety, a key can't create, rotate, or revoke keys.

Good to know

Creating API keys is part of the paid plans (Pro on personal, Team on business). See Plans and what they include.

Tip

Prefer a ready-made tool? Use the CLI or SDK. And treat keys like passwords, see Securing programmatic access.

Was this article helpful?

Ready to try it?

Open your vault and put this into practice.

Open app