integration

Public API keys

Build your own dashboards without OAuth overhead.

Tenant admins mint API keys with custom scopes. Keys are shown ONCE at creation. The backend stores only a 12-char prefix + SHA-256 hash so a DB leak cannot be used.

Format: cr_<tenant_id>_<32-char random> — 252 bits of entropy
X-API-Key header takes precedence over JWT
Per-key expiry, enable/disable, rotate
last_used_at tracked for auditing

How it works

api/deps.get_current_user checks X-API-Key first. If present + valid, the request runs as the tenant's first admin. JWT is the fallback path.

Mint a key at /dashboard/api-keys.

Start free Sign in

More integration features

Outbound webhooks
12 events. HMAC-signed. Delivery audited.