🔑 API Keys
Manage API keys for integrating external systems with RepairMinder.
What Are API Keys?
API keys authenticate external applications to access RepairMinder data:
- Website integrations
- Custom applications
- Third-party services
- Automation tools
Viewing API Keys
- Go to Settings → API Keys
- See all active keys
- View key details and usage
Creating an API Key
- Click Create API Key
- Enter a name (describes what it's for)
- Select permissions (what the key can access)
- Click Create
- Copy the key immediately (it won't be shown again)
Naming Keys
Use descriptive names:
- ✅ "Website Contact Form"
- ✅ "Zapier Integration"
- ❌ "Key 1"
- ❌ "Test"
API Key Permissions
| Permission | Access |
|---|---|
| Read Orders | View order data |
| Write Orders | Create/update orders |
| Read Clients | View client data |
| Write Clients | Create/update clients |
| Read Devices | View device data |
| Write Devices | Add devices to orders |
Grant only the permissions needed.
Securing API Keys
Keep Keys Secret
- Never expose keys in client-side code
- Don't commit keys to version control
- Use environment variables
- Share keys only with trusted systems
IP Restrictions
Limit which IPs can use a key:
- Edit the API key
- Add Allowed IPs
- Only those IPs can use the key
Key Rotation
Regularly rotate keys for security:
- Create a new key
- Update your integration
- Verify it works
- Delete the old key
Monitoring Key Usage
View how keys are being used:
- Request count
- Last used timestamp
- Endpoint access
- Error rates
Revoking API Keys
If a key is compromised or no longer needed:
- Find the key
- Click Revoke
- Confirm
The key stops working immediately.
Rate Limits
API keys are subject to rate limits:
- 100 requests per minute
- Exceeding the limit returns a 429 error
- Implement backoff in your code
API Documentation
Full API documentation is available:
- Go to Settings → API Keys
- Click API Documentation
- Browse endpoints and examples
Testing API Keys
Test keys before production:
- Create a test key
- Use the test environment
- Verify everything works
- Create a production key
Troubleshooting
Key Not Working
- Check the key is copied correctly
- Verify the key has the correct permissions
- Check IP restrictions
- Ensure the key isn't revoked
Getting 401 Errors
- Key is invalid or expired
- Check Authorization header format
- Verify key permissions
Getting 429 Errors
- Rate limit exceeded
- Slow down requests
- Implement retry with backoff
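The "Rate Limits" and "Getting 429 Errors" advice above, sketched as an added example (not RepairMinder's own code): the key is read from an environment variable, 429 responses are retried with capped exponential backoff and jitter, and a 401 is returned immediately. The variable name `REPAIRMINDER_API_KEY`, the `send` callable that wraps your HTTP client, and the presence of a `Retry-After` header are assumptions.

```python
import os
import random
import time


def load_api_key(env_var="REPAIRMINDER_API_KEY"):
    """Read the key from the environment. The variable name is an assumption."""
    key = os.environ.get(env_var, "").strip()
    if not key:
        # Fail closed instead of falling back to a key embedded in source.
        raise RuntimeError(f"{env_var} is not set")
    return key


def backoff_delays(max_retries, base=1.0, cap=60.0, rng=random.random):
    """Exponential backoff with full jitter, capped at the one-minute window."""
    for attempt in range(max_retries):
        yield rng() * min(cap, base * 2 ** attempt)


def call_with_backoff(send, max_retries=5, sleep=time.sleep, rng=random.random):
    """Run send() -> (status, headers, body), retrying only on 429.

    send is a hypothetical callable wrapping your HTTP client. A 401 is
    returned at once: retrying a rejected key cannot succeed.
    """
    delays = backoff_delays(max_retries, rng=rng)
    while True:
        status, headers, body = send()
        if status != 429:
            return status, body
        delay = next(delays, None)
        if delay is None:
            return status, body  # retries exhausted, surface the 429
        # Assumption: if the server sends Retry-After, it is in seconds.
        retry_after = str(headers.get("Retry-After", ""))
        if retry_after.isdigit():
            delay = max(delay, float(retry_after))
        sleep(delay)


if __name__ == "__main__":
    # Constructed responses: two 429s, then success.
    responses = iter([(429, {}, ""), (429, {"Retry-After": "2"}, ""), (200, {}, "ok")])
    print(call_with_backoff(lambda: next(responses), sleep=lambda s: print(f"wait {s:.2f}s")))
```

Build `send` so it calls `load_api_key()` at request time; the key then never appears in source or version control, and a rotated key is picked up without a code change.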
Best Practices
✅ Do
- Use descriptive key names
- Grant minimum necessary permissions
- Rotate keys regularly
- Monitor key usage
❌ Don't
- Share keys in public repositories
- Use the same key for everything
- Ignore revoked key warnings
- Grant full permissions unnecessarily
Next Steps
- Public API - API usage guide
- WordPress - WordPress integration