Introduction
Copy.ai's enhanced API key management system provides greater security, flexibility, and control over your API access while ensuring your existing integrations continue to work without interruption. This update is based directly on customer feedback and implements security best practices for organizations using our API for critical workflows.
Demo
Benefits
These improvements make it easier to:
Rotate keys regularly (security best practice)
Maintain separate keys for different environments (dev, staging, production)
Create temporary access for contractors or specific projects
Control access levels by a user's Teamspaces
Who Can Access API Key Management
Important: API Key management is restricted to:
Workspace Owners
Workspace Admins
Regular workspace members will not have access to this feature.
Accessing API Key Management
Log in to your Copy.ai account
Navigate to the Configuration page (in the left sidebar)
Click on the API Keys card in the Configuration dashboard
You'll be taken to the API Keys management interface
The API Key Management Interface
The interface provides a comprehensive view of all your API keys with the following information:
Column | Description |
Name | The name of the API key |
Assigned to | Which user the key is assigned to (controls access permissions) |
Created by | Which user created the key |
Created at | The date when the key was created |
Expires at | When the key will expire (or "Never") |
Last accessed | The last time the key was used |
Status | Whether the key is currently Active or Disabled |
Actions | Menu with options to manage the key |
Note: If you had an API key before this update (labeled as "Legacy API Key"), it will continue to work without any changes needed. These legacy keys may not have a specific user associated with them.
Managing Existing Keys
For each API key, you have several management options available in the Actions menu:
Disabling/Enabling Keys
Click Disable to temporarily turn off an API key without deleting it
Click Enable to reactivate a disabled key
Renaming Keys
Click Rename to give the key a more descriptive name
Enter the new name and confirm
Deleting Keys
Click Delete to permanently remove a key
Type "delete" in the confirmation prompt
Warning: This action cannot be undone
Creating New API Keys
Click the Create API Key button in the top-right corner of the API Keys page
Enter a descriptive name for the key
Select a user to associate with the key
The key will inherit all access permissions of the selected user
For restricted access, choose a user with limited permissions
Example: To restrict API access to specific team spaces, select a user (like "Teamspace Member") who only has access to those particular team spaces
Set an expiration date
Default: Never expires
Option: 12 months from creation date (recommended for security)
Click Create to generate the key
Key Expiration Notifications
When a key with an expiration date is approaching its expiration:
The workspace owner will receive an email notification
The user assigned to the key will receive an email notification
This gives you time to create a new key before the existing one expires
Securing Your New Key
After creation, you'll be shown your API key once and only once. At this point, you have two options:
Show the key - Click to reveal the key on screen
Copy the key - Use the copy button to copy the key to your clipboard
Make sure to store the key in a secure location (password manager recommended) before clicking Done.
Important: If you lose your key, you cannot recover it for security reasons. You'll need to create a new key and update any integrations using the old key.
Security Best Practices
For optimal security and flexibility, we recommend:
Create purpose-specific keys for different applications and environments
Implement key rotation every 6-12 months by setting an expiration date
Assign appropriate user permissions to limit the scope of each key
Monitor "Last Accessed" dates to identify unused keys
Disable or delete keys that are no longer needed
Controlling Access with User Assignment
One of the most powerful features of the new API key management system is the ability to control access at the user level:
Workspace-wide access: Assign the key to a Workspace Owner or Admin for full access
Team space-specific access: Assign the key to a user who only has access to specific team spaces
Temporary access: Create a new user with specific permissions, then create a key assigned to that user with an expiration date
Troubleshooting
If a key unexpectedly stops working:
Check if the key has been disabled or deleted
Verify the key hasn't expired
Confirm the associated user still has the necessary permissions
Create a new key if needed