Your API key authenticates your requests to the Canvelete API. This guide covers creating, managing, and securing your keys.
Creating an API Key
- Log in to your Dashboard
- Navigate to Integrations or Settings → API Keys
- Click "Create API Key"
- Give it a descriptive name (e.g., "Production Server" or "Zapier Integration")
- Click Create
Warning: Your full API key is only shown once when you create it. Copy it immediately and store it securely!
Where to Store Your Key
Recommended storage options:
| Method | Best For |
|---|---|
| Environment Variables | Server-side applications |
| Password Manager | Personal reference |
| Secrets Manager (AWS, GCP, etc.) | Production deployments |
.env file (gitignored) | Local development |
Example using environment variables:
bash# .env file (never commit this!) CANVELETE_API_KEY=your_api_key_here
javascript// In your code const apiKey = process.env.CANVELETE_API_KEY;
Managing API Keys
In the API Keys section, you can:
- View all keys — Only the prefix is shown for security
- Check usage — See when each key was last used
- Revoke keys — Immediately disable compromised or unused keys
Security Best Practices
Warning: Never do this:
- Expose your API key in client-side code (browsers, mobile apps)
- Commit API keys to version control
- Share keys via email or chat
Success: Always do this:
- Use environment variables:
process.env.CANVELETE_API_KEY- Create separate keys for different environments (dev, staging, production)
- Rotate keys periodically (every 90 days recommended)
- Revoke keys immediately if compromised
- Revoke keys immediately if compromised
Using Your API Key
Include it in the Authorization header:
Authorization: Bearer YOUR_API_KEY