Skip to main content
All CollectionsAPI
Generating an API Key
Generating an API Key

Create an access token that allows you to use SmartSuite's REST API

Peter Novosel avatar
Written by Peter Novosel
Updated over 2 weeks ago

Plan Availability

All plan types

Permissions

General Access: Can generate API keys for their own user account.

Related Reading

SmartSuite API Documentation

Key Concepts

API Keys in SmartSuite enable secure communication between your workspace and external applications. These keys are user-specific, granting the same permissions as the user generating the key. Important: Treat your API key as a password—do not share it with others. You can regenerate it if necessary.

Why Use an API Key?

  • Authentication: Verifies the user making the API request.

  • User-Specific Permissions: Ensures requests match the rights of the API key holder.

  • Regeneration: Allows easy revocation and creation of new keys for security.

How to Generate an API Key

Follow these steps to create your API key:

  1. Login as the Relevant User: Ensure you are logged in as the user whose API permissions match the intended functionality.

  2. Access the API Key Option:

    • Click your username in the top-right corner of the SmartSuite interface.

    • Select API Key from the dropdown menu.

  3. Generate a New Key:

    • Click the Generate New Key button.

    • Copy the key displayed for use in your API configuration.

Regenerating or Revoking an API Key

If your API key is compromised, you can invalidate it and generate a new one.

  1. Login as the Affected User: Use the account tied to the compromised API key.

  2. Access the API Key Option:

    • Click your username in the top-right corner of the SmartSuite interface.

    • Select API Key from the dropdown menu.

  3. Revoke and Regenerate the Key:

    • Click Destroy Token to deactivate the old key.

    • Click Generate New Token to create a replacement.

  4. Update API Configuration: Replace the old key with the new one in your external application settings.

IMPORTANT NOTE: Destroyed Tokens immediately become invalid. Existing integrations using the key must be updated with a new token to continue to operate.

Practical Scenarios and Use Cases

1. Departmental Automation

  • Scenario: A marketing team wants to automate campaign updates.

  • Solution: Generate a team-specific API key to integrate with third-party tools, keeping access secure and precise.

2. Restricted Access for Development

  • Scenario: A developer needs API access to update specific project data.

  • Solution: Create a dedicated user account with minimal permissions and generate its API key.

3. Secure Integration with Reporting Tools

  • Scenario: The finance team integrates SmartSuite data with analytics platforms.

  • Solution: Use an API key tied to a limited-access account to ensure data security.

Tips for Using API Keys

  • Always use accounts that are configured with the minimal permissions necessary for your API integrations.

  • Regularly review and regenerate API keys to maintain security.

  • Immediately revoke keys if suspicious activity is detected.

For further details, visit our SmartSuite API Documentation.

Related Articles
Retrieving your API Key and Workspace Id
Sorting and Filtering Records in the REST API
Bulk Record Actions in the REST API
Did this answer your question?