API Keys Management

Create, manage, and secure API keys for programmatic access to ChangeCrab.

All Articles

API Keys Management

Create, manage, and secure API keys for programmatic access to ChangeCrab. Learn how to generate keys, rotate them, and keep your API access secure.

Prerequisites

To manage API keys, you need:

  • A premium ChangeCrab subscription
  • Access to your account settings

Creating API Keys

To create a new API key:

  1. Go to Settings >gt; API Keys (or navigate to /api-keys)
  2. Click "Create New API Key"
  3. Give your key a descriptive name (e.g., "Production API", "CI/CD Pipeline")
  4. Click "Create"
  5. Copy the key immediately - You'll only see it once!
  6. Store it securely (environment variables, password manager)

Important: API keys are only shown once when created. If you lose a key, you'll need to create a new one and revoke the old one.

Managing API Keys

Viewing Keys

In the API Keys section, you'll see:

  • Key name/description
  • Creation date
  • Last used date
  • Status (active/inactive)

Enabling/Disabling Keys

You can temporarily disable keys without deleting them:

  1. Find the key in your list
  2. Toggle the active/inactive switch
  3. Disabled keys won't work but can be re-enabled

Deleting Keys

To permanently delete a key:

  1. Find the key you want to delete
  2. Click the delete/trash icon
  3. Confirm deletion
  4. The key will immediately stop working

Security Best Practices

Key Naming

  • Use descriptive names (e.g., "Production API", "Staging Webhook")
  • Include environment or purpose in the name
  • Make it easy to identify which service uses the key

Key Storage

  • Never commit keys to version control
  • Use environment variables
  • Store in secure password managers
  • Use secrets management services for production

Key Rotation

  • Rotate keys periodically (every 90 days recommended)
  • Create new key before revoking old one
  • Update all services using the key
  • Then revoke the old key

Access Control

  • Create separate keys for different services
  • Use different keys for production and staging
  • Revoke keys immediately if compromised
  • Monitor key usage regularly

Using API Keys

Include your API key in requests: 

curl -H "X-API-Key: your-api-key-here" \
  https://changecrab.com/api/changelogs

Learn more about API authentication.

Troubleshooting

Key Not Working

  • Verify the key is active (not disabled)
  • Check you're using the correct key
  • Ensure you're including it in the X-API-Key header
  • Verify your subscription is active

Key Revoked by Mistake

If you accidentally revoked a key, create a new one and update your services.

Next Steps