API Keys
An API key is what a real event's X-API-Key header has to match to be accepted — see Sending events for the full request shape. No install ships with a default key, so generating one here is always the first real step before anything can send data in.
Generating a key
A key just needs a label — something that tells you where it's used later, e.g. the name of the system that holds it ("Checkout service", "Support tool"). The full key value is shown exactly once, right after generating it:
A freshly generated key, shown once, plus the existing keys listed below with their values masked.
After that, the table only ever shows a masked preview (sk_6da…d84a) — Reveal shows the full value again on demand (useful if it needs to be re-entered somewhere), and Hide masks it again.
One key per system
Generate a separate key for each system that sends events, rather than sharing one everywhere — a key can be revoked the moment a given integration is decommissioned or a credential leaks, without having to update or interrupt anything else that's still sending real data.
Revoking a key
Revoke disables a key immediately and permanently — any request still using it afterward gets rejected the same way an invalid key always would. There's no way to un-revoke one; generate a new key and update whatever system needs it instead.
Last updated 9 July 2026