REST API Permissions

Understanding SmartSuite API Keys and Permissions

Written by Peter Novosel
Updated over a month ago

Learn how API keys and permissions work in SmartSuite's REST API to securely manage data access and operations.


Plan Availability:

All plan types

Permissions:

User permissions mirror workspace access levels.



What Are REST API Permissions?

REST API permissions determine what actions you can perform through SmartSuite's API, based on your assigned workspace permissions.

  • Full Permissions: Users with full Solution access can create, retrieve, update, and delete records in any associated App.

  • Read-Only Access: Users with read-only permissions can only fetch records. Attempting to perform other actions will result in an error.

  • Your API key conveys the permissions assigned to your Member in a particular workspace.

Note: A best practice is to create an API Member account that has only those permissions necessary to perform the actions required for your integration.


Key Points About API Permissions

Treat Your API Key Like a Password

  • Your API key carries all permissions associated with your account.

  • Use it only with trusted applications or services.

Best Practices for Secure API Usage

  1. Dedicated API Access Accounts: Create user workspaces specifically for API access, limiting permissions to the minimum required for their tasks.

  2. Avoid Administrator-Level Permissions: Do not use Administrator accounts for API automation to reduce security risks.


Practical Scenarios and Use Cases

1. Automated Data Entry

Scenario: A marketing team wants to automate adding new leads into SmartSuite from an external CRM.

Solution: Use an API key with write permissions for the relevant Solution and App.

2. Data Synchronization

Scenario: The engineering team syncs SmartSuite records with an external issue-tracking tool.

Solution: Set up a read-only API key to fetch records safely and ensure external applications cannot modify SmartSuite data.

3. Controlled Access for Third-Party Tools

Scenario: A business integrates a third-party analytics platform with SmartSuite.

Solution: Create a dedicated workspace for API access and assign it minimal permissions to safeguard sensitive data.


Important Warnings

  • Treat your API key as sensitive information. Exposure can grant unauthorized access to your SmartSuite data.

  • Regularly review and rotate API keys to maintain security.


How to Generate and Manage API Keys

  1. Log in to your SmartSuite workspace.

  2. Navigate to your User Profile by clicking the profile icon in the top-right corner.

  3. Select API Settings from the dropdown menu.

  4. Click Generate New API Key and assign a name for easy identification.

  5. Copy the key and store it securely. (Note: The key will not be retrievable again.)

  6. Use the key in your API calls to authenticate requests.
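
The following is an added example, not SmartSuite's or the author's code. It shows one way to use the key from step 6 in line with the practices above: the key is read from the environment, redacted in logs, and only sent with operations the integration is expected to perform. The base URL, the `Token` scheme, the `Account-Id` header, the endpoint paths and the environment variable names are assumptions to check against SmartSuite's API reference.

```python
import os
import re
import urllib.request

# Assumptions, not from this page: base URL, "Token" scheme, Account-Id header
# and the endpoint paths below. Check them against SmartSuite's API reference.
BASE_URL = "https://app.smartsuite.com/api/v1"

# Operations the sync job in scenario 2 needs (constructed allowlist).
SYNC_ALLOWLIST = [
    ("POST", re.compile(r"/applications/[\w-]+/records/list/")),
    ("GET", re.compile(r"/applications/[\w-]+/records/[\w-]+/")),
]


class SmartSuiteClient:
    """Builds authenticated requests; the key is read from the environment."""

    def __init__(self, allowlist, env=None):
        env = os.environ if env is None else env
        # Hypothetical variable names; the key never appears in source code.
        self._key = env.get("SMARTSUITE_API_KEY", "")
        self._account = env.get("SMARTSUITE_ACCOUNT_ID", "")
        if not self._key or not self._account:
            raise RuntimeError("API key or account id missing from environment")
        self._allowlist = allowlist

    def __repr__(self):
        # Keep the secret out of logs and tracebacks.
        return f"SmartSuiteClient(account={self._account!r}, key=<redacted>)"

    def build_request(self, method, path, body=None):
        method = method.upper()
        if not any(m == method and rx.fullmatch(path) for m, rx in self._allowlist):
            raise PermissionError(f"{method} {path} is not in this integration's allowlist")
        headers = {
            "Authorization": f"Token {self._key}",
            "Account-Id": self._account,
            "Content-Type": "application/json",
        }
        return urllib.request.Request(BASE_URL + path, data=body, headers=headers, method=method)


if __name__ == "__main__":
    # Constructed values for a dry run; nothing is sent over the network.
    demo = SmartSuiteClient(SYNC_ALLOWLIST, env={"SMARTSUITE_API_KEY": "k-demo", "SMARTSUITE_ACCOUNT_ID": "ws1"})
    print(demo, demo.build_request("POST", "/applications/app123/records/list/", b"{}").full_url)
```

The allowlist is a client-side safeguard only; the permissions assigned to the API Member remain the actual control.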

To deactivate or delete an API key:

  • Go to the API Settings section.

  • Locate the API key you want to manage.

  • Select Deactivate or Delete to remove access.
