allv Docs

User API Keys

How customers use workspace API keys safely in external tools and automations.

What Workspace API Keys Are For

Workspace API keys identify trusted external systems acting on behalf of your workspace. Use them for approved automations and secure integrations.

  • Create separate keys per integration for easier auditing.
  • Use naming conventions that include owner and purpose.
  • Review active keys monthly with your operations owner.

Safe Usage Pattern

Store keys in environment secrets and send them in a secure authorization header from your trusted systems.

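```bash
# Load the key from your secret store into the environment; do not hard-code it in scripts.
export ASSISTANT_KEY="<your-workspace-key>"
# Send the key as a Bearer token over HTTPS.
curl -H "Authorization: Bearer $ASSISTANT_KEY" https://your-integration.example/run
```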

Rotate, Revoke, and Recover

  1. Rotate regularly

     Issue a new key on a regular security cadence.

  2. Cut over safely

     Update external systems before deleting the old key.

  3. Revoke immediately

     Delete keys right away if you suspect exposure.

  4. Document ownership

     Track who owns each key and when it was last reviewed.
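
The following is an added example, not part of the original page or the product's own code: a small audit over a key inventory that applies the practices above (one key per integration, owner-and-purpose names, monthly review, documented ownership, regular rotation). The inventory fields, the `<owner>-<purpose>` name pattern and the 90-day rotation window are assumptions.

```python
from datetime import date
import re

# Assumed convention (not defined by the page): <owner>-<purpose>, lowercase,
# for example "ops-crm-sync".
NAME_RE = re.compile(r"^[a-z0-9]+-[a-z0-9]+(?:-[a-z0-9]+)*$")
REVIEW_MAX_DAYS = 31   # "review active keys monthly"
ROTATE_MAX_DAYS = 90   # assumed cadence; the page only says "regular"

# Constructed sample inventory. It records metadata only, never key values.
INVENTORY = [
    {"name": "ops-crm-sync", "owner": "dana", "integrations": ["crm"],
     "created": "2024-05-01", "last_reviewed": "2024-05-20"},
    {"name": "key2", "owner": "", "integrations": ["billing", "reports"],
     "created": "2023-11-10", "last_reviewed": "2024-01-15"},
    {"name": "it-backup-export", "owner": "lee", "integrations": ["backup"],
     "created": "2024-01-02", "last_reviewed": "2024-05-25"},
]

def audit(inventory, today):
    """Return {key name: [findings]} for every key that breaks a rule."""
    report = {}
    for key in inventory:
        findings = []
        if not NAME_RE.match(key["name"]):
            findings.append("name lacks owner-purpose form")
        if not key["owner"]:
            findings.append("no documented owner")
        if len(key["integrations"]) != 1:
            findings.append("shared across integrations")
        reviewed = date.fromisoformat(key["last_reviewed"])
        if (today - reviewed).days > REVIEW_MAX_DAYS:
            findings.append("review overdue")
        created = date.fromisoformat(key["created"])
        if (today - created).days > ROTATE_MAX_DAYS:
            findings.append("rotation overdue")
        if findings:
            report[key["name"]] = findings
    return report

if __name__ == "__main__":
    # Fixed date so the constructed sample gives a stable report.
    for name, findings in audit(INVENTORY, date(2024, 6, 1)).items():
        print(f"{name}: {', '.join(findings)}")
```

Run it on a schedule against an exported inventory and route the findings to the operations owner who performs the monthly review.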