Admin Controls

Administrative controls are available to internal platform administrators for external API governance.

Key Management

  • Create and rotate API keys per client.
  • Define scope permissions by key.
  • Optional key expiration dates.
  • Revoke keys immediately.
  • Keys are production-only.
  • Keys are company-scoped and can access company-level data for granted scopes.

Security Controls

  • Optional IP allowlisting per key.
  • Audit logging for key usage and failed auth attempts.

Operational Controls

  • Per-key and per-client rate limits.
  • Endpoint-level access restrictions.
  • Temporary suspension controls for incident response.

  1. Issue least-privilege scopes.
  2. Share key scope implications with integrators before issuance.
  3. Rotate keys on a fixed schedule.
  4. Review audit logs weekly.
  5. Revoke unused keys immediately.
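
The key controls listed above (revocation, suspension, expiration, IP allowlisting, company scoping, granted scopes, audit logging) combine into a single per-request decision. The sketch below is an added example, not the platform's own code: the `ApiKey` fields, the reason strings, the scope names and the order of the checks are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class ApiKey:                      # hypothetical record, not the platform's schema
    key_id: str
    company_id: str
    scopes: frozenset
    expires_at: Optional[datetime] = None  # optional expiration date
    revoked: bool = False
    suspended: bool = False        # temporary suspension during an incident
    ip_allowlist: tuple = ()       # CIDR strings; empty means no IP restriction

AUDIT_LOG = []                     # stands in for the audit log

def ip_allowed(key, source_ip):
    if not key.ip_allowlist:
        return True
    try:
        addr = ip_address(source_ip)
        return any(addr in ip_network(net) for net in key.ip_allowlist)
    except ValueError:             # unparsable address or entry: fail closed
        return False

def authorize(key, scope, company_id, source_ip, now=None):
    """Return (allowed, reason) and audit every decision, including failures."""
    now = now or datetime.now(timezone.utc)
    denials = (                    # first matching denial wins
        ("revoked", key.revoked),
        ("suspended", key.suspended),
        ("expired", key.expires_at is not None and now >= key.expires_at),
        ("ip_not_allowlisted", not ip_allowed(key, source_ip)),
        ("wrong_company", company_id != key.company_id),
        ("scope_not_granted", scope not in key.scopes),
    )
    reason = next((name for name, hit in denials if hit), "ok")
    AUDIT_LOG.append({"ts": now.isoformat(), "key_id": key.key_id,
                      "ip": source_ip, "scope": scope, "result": reason})
    return reason == "ok", reason

if __name__ == "__main__":         # constructed sample key and request
    k = ApiKey("key_1", "co_1", frozenset({"orders:read"}), ip_allowlist=("203.0.113.0/24",))
    print(authorize(k, "orders:write", "co_1", "203.0.113.7"))
```

Because denied requests are logged with a reason, the weekly audit review can separate scope probing from expired or revoked keys that are still in use.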