Guide
Create an API key
Issue a Bearer-token credential for your own tooling — scopes, IP allow-list and one-time plaintext.
The Public API gives you programmatic access to domains, DNS, providers, change requests, tickets and reports. Every key is hashed at rest; the plaintext is shown exactly once at creation.
Step by step
- 1
Open API keys
Customers with the Public API plan-feature see API keys in the sidebar.
- 2
Create with the narrowest scopes
Pick only the scopes your tool needs — domains:read, dns:write, reports:read, etc. Less scope means smaller blast radius if the key leaks.
- 3
Optional IP allow-list
Restrict the key to a fixed set of source IPs (your office, a CI runner). Empty means no restriction.
- 4
Copy the plaintext now
The full key is shown once. Store it in your secrets manager — it cannot be recovered later.
- 5
Revoke when no longer needed
Revoking is one click; the prefix and creator stay so an incident review can trace which key was used.
Tip: Need to roll a key? Issue a new one with the same scopes, switch your tool over, then revoke the old one.