API Keys

Learn how to create and manage API keys for programmatic access.

What are API Keys?

API keys are credentials that allow you to:

Access the Kaana API programmatically
Build custom integrations
Automate workflows
Connect third-party tools

Accessing API Key Settings

Go to Settings and select API Keys.

Note: Requires appropriate permissions.

Creating an API Key

Generate a New Key

Click + Create API Key.

Enter a name for the key (e.g., "Zapier Integration").

Click Create.

Copy the key immediately — it's only shown once!

Key Naming

Use descriptive names:

Include the purpose: "Slack Integration"
Include environment: "Dev Testing Key"
Include owner if shared: "John's Dashboard Key"

Viewing Your Keys

Your API keys list shows:

Key name
Created date
Last used date
Status (active/revoked)

You cannot view the full key after creation.

Using Your API Key

In API Requests

Include the key in the Authorization header:

Authorization: Bearer YOUR_API_KEY

Example with cURL

curl -X GET "https://app.kaana.com/api/projects" \
  -H "Authorization: Bearer abc123def456..." \
  -H "Content-Type: application/json"

Example with JavaScript

fetch('https://app.kaana.com/api/projects', {
  headers: {
    'Authorization': 'Bearer abc123def456...',
    'Content-Type': 'application/json'
  }
})

Example with Python

import requests

headers = {
  'Authorization': 'Bearer abc123def456...',
  'Content-Type': 'application/json'
}

response = requests.get('https://app.kaana.com/api/projects', headers=headers)

Revoking Keys

If a key is compromised or no longer needed:

Go to Settings > API Keys.

Find the key.

Click Revoke.

Confirm revocation.

Revoked keys immediately stop working. This cannot be undone.

Security Best Practices

Keep Keys Secret

Never share keys publicly
Don't put keys in source code
Use environment variables
Don't email keys

Store Securely

Good practices:

Use a secrets manager
Use environment variables
Encrypt at rest

Bad practices:

Storing in plain text files
Committing to git repositories
Sharing via unsecured channels

Rotate Keys

Create a new key.

Update your integrations.

Revoke the old key.

Least Privilege

Create separate keys for different uses
Revoke keys you no longer need
Audit key usage regularly

Key Permissions

API keys inherit your account permissions:

If you're an admin, the key has admin access
Tenant isolation is enforced
You can only access your organization's data

Troubleshooting

"Invalid API Key" Error

Verify the key is correct (no extra spaces)
Check if the key was revoked
Ensure you're using Bearer authentication

"Unauthorized" Error

Verify you have permission for the action
Check if your account is active
Confirm you're accessing the correct tenant

Key Not Working

Create a test request to /api/user.If it works, the issue is with the specific endpoint.If it fails, the key may be revoked or invalid.

Limits

Number of Keys

You can create multiple API keys:

Standard: Up to 5 active keys
Enterprise: Unlimited keys

Rate Limits

API keys share your account's rate limits:

100 requests/minute (standard)
Higher limits for enterprise

Best Practices Summary

Name keys descriptively — Know what each key is for.

Store securely — Use environment variables or secrets managers.

Rotate regularly — Replace keys periodically.

Revoke when done — Remove unused keys.

Monitor usage — Watch for unusual activity.

Use separate keys — One per integration.

PreviousAPI Authentication NextProjects

Last updated 1 month ago

Was this helpful?

Good afternoon

hashtagWhat are API Keys?

hashtagAccessing API Key Settings

hashtagCreating an API Key

hashtagGenerate a New Key

hashtagKey Naming

hashtagViewing Your Keys

hashtagUsing Your API Key

hashtagIn API Requests

hashtagExample with cURL

hashtagExample with JavaScript

hashtagExample with Python

hashtagRevoking Keys

hashtagSecurity Best Practices

hashtagKeep Keys Secret

hashtagStore Securely

hashtagRotate Keys

hashtagLeast Privilege

hashtagKey Permissions

hashtagTroubleshooting

hashtagLimits

hashtagNumber of Keys

hashtagRate Limits

hashtagBest Practices Summary