Managing API Keys
The API Keys page lets you create, view, and manage the keys your applications use to call the FourA API.
Viewing Your Keys
The page shows all keys you have access to:
- Personal keys you created directly.
- Organization keys if you're an org owner or admin.
- Team keys shared with you through team membership.
Each row in the table shows:
| Column | What it shows |
|---|---|
| Name | Display name and (optional) description |
| Key | Masked prefix (e.g. pk_live_••••••••) with a Reveal button next to it |
| Owner | ME for personal keys, TEAM for org or team-shared keys |
| IP Allowlist | Restricted IPs if set, or "All IPs" if unrestricted |
| Expires | Expiry date if set, or "Never" |
| Status | Active or Inactive |
| Created | When the key was created |
| Last Used | When the key last made a request |
Use the search box to filter by name or description, and the status filter to show only active or inactive keys.
Creating a Key
Click Create Key and fill in:
| Field | Required | Description |
|---|---|---|
| Name | Yes | A descriptive label (e.g., "production-scraper" or "staging-test") |
| Description | No | Notes about what this key is used for |
If you belong to an organization, you can also assign the key to that org instead of your personal account.
The full key is shown once right after creation in a copy-ready dialog. You can also bring it back later via Reveal (see below) as long as the key was created after the reveal feature shipped.
Keys use the pk_live_ prefix and look like: pk_live_a1b2c3d4e5f6.... You'll receive an email confirmation when a new key is created.
Revealing a Key
Click the eye icon next to a key's masked prefix to see its full secret again. The dashboard asks you to confirm, then opens a dialog with the plain key, a copy button, and a 15-second countdown. After the countdown, the dialog wipes the secret from the page.
Every reveal is recorded in the audit log because it exposes a live credential.
Legacy Keys
Keys created before this feature shipped show a lock icon instead of the eye and can't be revealed. Only their hash was stored, so the original secret is unrecoverable. To switch a legacy key over, click the actions menu and choose Regenerate. The new secret is revealable from then on.
Who Can Reveal
| Role | Can reveal |
|---|---|
| Key owner | Yes |
| Org owner / admin (for org keys) | Yes |
Team member with write or admin permission |
Yes |
Team member with read permission |
No |
Editing a Key
Click Edit on any row to update:
- Display name and description
- IP allowlist (one IP per line; leave empty to allow any source IP)
- Expiry date (leave empty for no expiry)
Other settings (org assignment, owner) aren't editable. Create a new key if you need different ownership.
Activating and Deactivating
Use the Disable / Enable button on the row to toggle a key's status. Deactivating a key blocks all API requests that use it. You can reactivate it at any time. The change takes effect within seconds.
Regenerating a Key
If you suspect a key has been compromised, open the actions menu (the three-dot button) and choose Regenerate. This creates a new secret for the same key ID. The old secret stops working immediately. All other settings (name, org assignment, IP allowlist, expiry) stay the same.
The new secret stays revealable after the dialog closes, so you don't have to copy it perfectly on the first try.
Deleting a Key
Open the actions menu and choose Delete. By default, deletion deactivates the key (soft delete). You can permanently remove it from the confirmation dialog.
You'll receive an email notification when a key is deleted.
Organization Keys
Keys created under an organization are shared with org members based on their role:
- Owners and admins see and edit all org keys.
- Members see only keys assigned to teams they belong to.
Org keys are automatically added to the organization's default team on creation.
Key Permissions Through Teams
Teams control who can access which keys. Each team-key assignment has a permission level:
| Permission | View key | Reveal | Edit key settings |
|---|---|---|---|
| read | Yes | No | No |
| write | Yes | Yes | Yes |
| admin | Yes | Yes | Yes |
Related
- Authentication: How API keys work with the API
- Organizations and Teams: Setting up shared access
- Dashboard Overview: All dashboard sections