API Key Management

Updated over 2 weeks ago

Introduction

Copy.ai's enhanced API key management system provides greater security, flexibility, and control over your API access while ensuring your existing integrations continue to work without interruption. This update is based directly on customer feedback and implements security best practices for organizations using our API for critical workflows.

Benefits

These improvements make it easier to:

  • Rotate keys regularly (security best practice)

  • Maintain separate keys for different environments (dev, staging, production)

  • Create temporary access for contractors or specific projects

  • Control access levels by a user's Teamspaces

Who Can Access API Key Management

Important: API Key management is restricted to:

  • Workspace Owners

  • Workspace Admins

Regular workspace members will not have access to this feature.

Accessing API Key Management

  1. Log in to your Copy.ai account

  2. Navigate to the Configuration page (in the left sidebar)

  3. Click on the API Keys card in the Configuration dashboard

  4. You'll be taken to the API Keys management interface

The API Key Management Interface

The interface provides a comprehensive view of all your API keys with the following information:

| Column | Description |
| --- | --- |
| Name | The name of the API key |
| Assigned to | Which user the key is assigned to (controls access permissions) |
| Created by | Which user created the key |
| Created at | The date when the key was created |
| Expires at | When the key will expire (or "Never") |
| Last accessed | The last time the key was used |
| Status | Whether the key is currently Active or Disabled |
| Actions | Menu with options to manage the key |

Note: If you had an API key before this update (labeled as "Legacy API Key"), it will continue to work without any changes needed. These legacy keys may not have a specific user associated with them.

Managing Existing Keys

For each API key, you have several management options available in the Actions menu:

Disabling/Enabling Keys

  • Click Disable to temporarily turn off an API key without deleting it

  • Click Enable to reactivate a disabled key

Renaming Keys

  • Click Rename to give the key a more descriptive name

  • Enter the new name and confirm

Deleting Keys

  • Click Delete to permanently remove a key

  • Type "delete" in the confirmation prompt

  • Warning: This action cannot be undone

Creating New API Keys

  1. Click the Create API Key button in the top-right corner of the API Keys page

  2. Enter a descriptive name for the key

  3. Select a user to associate with the key

    • The key will inherit all access permissions of the selected user

    • For restricted access, choose a user with limited permissions

    • Example: To restrict API access to specific team spaces, select a user (like "Teamspace Member") who only has access to those particular team spaces

  4. Set an expiration date

    • Default: Never expires

    • Option: 12 months from creation date (recommended for security)

  5. Click Create to generate the key

Key Expiration Notifications

When a key with an expiration date is approaching its expiration:

  • The workspace owner will receive an email notification

  • The user assigned to the key will receive an email notification

  • This gives you time to create a new key before the existing one expires

Securing Your New Key

After creation, you'll be shown your API key once and only once. At this point, you have two options:

  1. Show the key - Click to reveal the key on screen

  2. Copy the key - Use the copy button to copy the key to your clipboard

Make sure to store the key in a secure location (password manager recommended) before clicking Done.

Important: If you lose your key, you cannot recover it for security reasons. You'll need to create a new key and update any integrations using the old key.

Security Best Practices

For optimal security and flexibility, we recommend:

  1. Create purpose-specific keys for different applications and environments

  2. Implement key rotation every 6-12 months by setting an expiration date

  3. Assign appropriate user permissions to limit the scope of each key

  4. Monitor "Last Accessed" dates to identify unused keys

  5. Disable or delete keys that are no longer needed
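
The review these practices describe can be run as a periodic check over a key inventory. The script below is an added example, not Copy.ai code: it assumes the rows were transcribed by hand from the API Keys table (the page describes no export or listing API), and the 90-day idle and 30-day expiry-warning thresholds are assumptions to tune.

```python
from datetime import date, timedelta

# Constructed sample rows, typed in by hand using the columns of the API Keys
# table; the page does not describe an export or a key-listing API.
KEYS = [
    {"name": "prod-crm-sync", "assigned_to": "owner@example.com", "status": "Active",
     "created_at": "2024-01-10", "expires_at": "Never", "last_accessed": "2025-05-30"},
    {"name": "Legacy API Key", "assigned_to": "", "status": "Active",
     "created_at": "2023-03-02", "expires_at": "Never", "last_accessed": "2024-08-15"},
    {"name": "contractor-q2", "assigned_to": "member@example.com", "status": "Active",
     "created_at": "2025-04-01", "expires_at": "2025-06-20", "last_accessed": "2025-06-01"},
    {"name": "staging-tests", "assigned_to": "admin@example.com", "status": "Disabled",
     "created_at": "2025-02-01", "expires_at": "2026-02-01", "last_accessed": "2025-05-28"},
]

ROTATION_MAX_AGE = timedelta(days=365)  # upper end of the 6-12 month guidance
UNUSED_AFTER = timedelta(days=90)       # assumption: idle threshold, tune locally
EXPIRY_WARNING = timedelta(days=30)     # assumption: lead time for a replacement

def audit_key(key, today):
    """Return review findings for one row of the key inventory."""
    if key["status"] != "Active":
        return ["disabled: delete if no longer needed"]
    findings = []
    if not key["assigned_to"]:
        findings.append("no assigned user")
    if key["expires_at"] == "Never":
        findings.append("never expires: recreate with an expiration date")
        if today - date.fromisoformat(key["created_at"]) > ROTATION_MAX_AGE:
            findings.append("older than 12 months: rotate")
    else:
        remaining = date.fromisoformat(key["expires_at"]) - today
        if remaining < timedelta(0):
            findings.append("expired: integrations using it will fail")
        elif remaining <= EXPIRY_WARNING:
            findings.append("expires soon: create a replacement key")
    last = key["last_accessed"]
    if not last or today - date.fromisoformat(last) > UNUSED_AFTER:
        findings.append("unused: disable or delete")
    return findings

def audit(keys, today):
    """Map key name -> findings, omitting keys with nothing to review."""
    report = {k["name"]: audit_key(k, today) for k in keys}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit(KEYS, date(2025, 6, 10)).items():
        print(name, "->", "; ".join(findings))
```
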

Controlling Access with User Assignment

One of the most powerful features of the new API key management system is the ability to control access at the user level:

  1. Workspace-wide access: Assign the key to a Workspace Owner or Admin for full access

  2. Team space-specific access: Assign the key to a user who only has access to specific team spaces

  3. Temporary access: Create a new user with specific permissions, then create a key assigned to that user with an expiration date

Troubleshooting

If a key unexpectedly stops working:

  1. Check if the key has been disabled or deleted

  2. Verify the key hasn't expired

  3. Confirm the associated user still has the necessary permissions

  4. Create a new key if needed