Skip to main content

Generating an API Key

Create an access token that allows you to use SmartSuite's REST API

Peter Novosel avatar
Written by Peter Novosel
Updated over 3 months ago

Plan Availability

All plan types

Permissions

General Access: Can generate API keys for their own user account.

Related Reading


Key Concepts

API Keys in SmartSuite enable secure communication between your workspace and external applications. These keys are user-specific, granting the same permissions as the user generating the key. Important: Treat your API key as a password—do not share it with others. You can regenerate it if necessary.


Why Use an API Key?

  • Authentication: Verifies the user making the API request.

  • User-Specific Permissions: Ensures requests match the rights of the API key holder.

  • Regeneration: Allows easy revocation and creation of new keys for security.


How to Generate an API Key

Follow these steps to create your API key:

  1. Login as the Relevant User: Ensure you are logged in as the user whose API permissions match the intended functionality.

  2. Access the API Key Option:

    • Click your username in the top-right corner of the SmartSuite interface.

    • Select API Key from the dropdown menu.

  3. Generate a New Key:

    • Click the Generate New Key button.

    • Copy the key displayed for use in your API configuration.


Regenerating or Revoking an API Key

If your API key is compromised, you can invalidate it and generate a new one.

  1. Login as the Affected User: Use the account tied to the compromised API key.

  2. Access the API Key Option:

    • Click your username in the top-right corner of the SmartSuite interface.

    • Select API Key from the dropdown menu.

  3. Revoke and Regenerate the Key:

    • Click Destroy Token to deactivate the old key.

    • Click Generate New Token to create a replacement.

  4. Update API Configuration: Replace the old key with the new one in your external application settings.

IMPORTANT NOTE: Destroyed Tokens immediately become invalid. Existing integrations using the key must be updated with a new token to continue to operate.


Practical Scenarios and Use Cases

1. Departmental Automation

  • Scenario: A marketing team wants to automate campaign updates.

  • Solution: Generate a team-specific API key to integrate with third-party tools, keeping access secure and precise.

2. Restricted Access for Development

  • Scenario: A developer needs API access to update specific project data.

  • Solution: Create a dedicated user account with minimal permissions and generate its API key.

3. Secure Integration with Reporting Tools

  • Scenario: The finance team integrates SmartSuite data with analytics platforms.

  • Solution: Use an API key tied to a limited-access account to ensure data security.


Tips for Using API Keys

  • Always use accounts that are configured with the minimal permissions necessary for your API integrations.

  • Regularly review and regenerate API keys to maintain security.

  • Immediately revoke keys if suspicious activity is detected.

For further details, visit our SmartSuite API Documentation.

Did this answer your question?