Managing API Keys

The API Keys page lets you create, view, and manage the keys your applications use to call the FourA API.

Viewing Your Keys

The page shows all keys you have access to:

  • Personal keys you created directly.
  • Organization keys if you're an org owner or admin.
  • Team keys shared with you through team membership.

Each row in the table shows:

Column What it shows
Name Display name and (optional) description
Key Masked prefix (e.g. pk_live_••••••••) with a Reveal button next to it
Owner ME for personal keys, TEAM for org or team-shared keys
IP Allowlist Restricted IPs if set, or "All IPs" if unrestricted
Expires Expiry date if set, or "Never"
Status Active or Inactive
Created When the key was created
Last Used When the key last made a request

Use the search box to filter by name or description, and the status filter to show only active or inactive keys.

Creating a Key

Click Create Key and fill in:

Field Required Description
Name Yes A descriptive label (e.g., "production-scraper" or "staging-test")
Description No Notes about what this key is used for

If you belong to an organization, you can also assign the key to that org instead of your personal account.

The full key is shown once right after creation in a copy-ready dialog. You can also bring it back later via Reveal (see below) as long as the key was created after the reveal feature shipped.

Keys use the pk_live_ prefix and look like: pk_live_a1b2c3d4e5f6.... You'll receive an email confirmation when a new key is created.

Revealing a Key

Click the eye icon next to a key's masked prefix to see its full secret again. The dashboard asks you to confirm, then opens a dialog with the plain key, a copy button, and a 15-second countdown. After the countdown, the dialog wipes the secret from the page.

Every reveal is recorded in the audit log because it exposes a live credential.

Legacy Keys

Keys created before this feature shipped show a lock icon instead of the eye and can't be revealed. Only their hash was stored, so the original secret is unrecoverable. To switch a legacy key over, click the actions menu and choose Regenerate. The new secret is revealable from then on.

Who Can Reveal

Role Can reveal
Key owner Yes
Org owner / admin (for org keys) Yes
Team member with write or admin permission Yes
Team member with read permission No

Editing a Key

Click Edit on any row to update:

  • Display name and description
  • IP allowlist (one IP per line; leave empty to allow any source IP)
  • Expiry date (leave empty for no expiry)

Other settings (org assignment, owner) aren't editable. Create a new key if you need different ownership.

Activating and Deactivating

Use the Disable / Enable button on the row to toggle a key's status. Deactivating a key blocks all API requests that use it. You can reactivate it at any time. The change takes effect within seconds.

Regenerating a Key

If you suspect a key has been compromised, open the actions menu (the three-dot button) and choose Regenerate. This creates a new secret for the same key ID. The old secret stops working immediately. All other settings (name, org assignment, IP allowlist, expiry) stay the same.

The new secret stays revealable after the dialog closes, so you don't have to copy it perfectly on the first try.

Deleting a Key

Open the actions menu and choose Delete. By default, deletion deactivates the key (soft delete). You can permanently remove it from the confirmation dialog.

You'll receive an email notification when a key is deleted.

Organization Keys

Keys created under an organization are shared with org members based on their role:

  • Owners and admins see and edit all org keys.
  • Members see only keys assigned to teams they belong to.

Org keys are automatically added to the organization's default team on creation.

Key Permissions Through Teams

Teams control who can access which keys. Each team-key assignment has a permission level:

Permission View key Reveal Edit key settings
read Yes No No
write Yes Yes Yes
admin Yes Yes Yes
Last updated: June 3, 2026