API keys are used to authenticate your requests to:
  • REST API endpoints
  • SDK integrations
  • Webhook endpoints
Each workspace can have multiple API keys, all sharing the same permission level.

REST API Authentication

To authenticate your REST API requests, include your API key in the request headers: 
Authorization: Bearer YOUR_API_KEY
Try out authentication in our API Playground to see it in action.

Webhook API Key

For enhanced security, we automatically designate one of your API keys for webhook authentication. This designated webhook API key:
  • Is used to sign and verify webhook requests
  • Cannot be deleted
  • Ensures your webhook endpoints only receive legitimate requests
Keep your API keys secure and never share them in public repositories or client-side code.