# API keys

## Introduction

You can authenticate Patchworks API requests using your dashboard credentials (OAuth 2) or API keys. 

If your user account has at least [manager-level permissions](https://doc.wearepatchworks.com/product-documentation/users-roles-and-permissions/roles-and-permissions-summary), you can generate and manage API keys to authenticate Patchworks API requests. 

## Need to know

* API keys are associated with the [manager role](https://doc.wearepatchworks.com/product-documentation/users-roles-and-permissions/roles-and-permissions-summary) scope.
* API keys are associated with a company profile (not a user profile).
* You can [generate](#generating-api-keys) as many API keys as required.
* API keys do not expire, but existing keys can be [revoked](#revoking-an-existing-api-key) or [deleted](#deleting-an-existing-api-key).
* An API key must be passed as an `authorization` value in request headers.

## Generating API keys

To generate a new API key, follow the steps below.

**Step 1**\
Log into the [Patchworks dashboard](https://app.wearepatchworks.com/login), then select the `general settings` option:

<div align="left"><figure><img src="https://2440044887-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLYNcUBVQwSkOMG6KjZfz%2Fuploads%2FXSjKf2v1VCwZSqDvwpsq%2Fapi%20keys%201.png?alt=media&#x26;token=ec1430c8-2275-44c9-af7e-e01528236820" alt="" width="233"><figcaption></figcaption></figure></div>

**Step 2**\
Select the `API keys` option:

<div align="left"><figure><img src="https://2440044887-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLYNcUBVQwSkOMG6KjZfz%2Fuploads%2Fv2LIh5P8vyC8u7mlLk0K%2Fapi%20keys%202.png?alt=media&#x26;token=b9ed71a1-4e81-4745-a35b-fe325e6f7399" alt=""><figcaption></figcaption></figure></div>

**Step 3**\
Click the `create API key` button:

<div align="left"><figure><img src="https://2440044887-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLYNcUBVQwSkOMG6KjZfz%2Fuploads%2FbFFo5mhruuSYcBCRFT8B%2Fapi%20keys%203.png?alt=media&#x26;token=79e62f43-5a88-423c-a0e4-16ad2adf3d49" alt=""><figcaption></figcaption></figure></div>

**Step 4**\
A new key is generated - you can now copy this for use in your API requests,

<div align="left"><figure><img src="https://2440044887-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLYNcUBVQwSkOMG6KjZfz%2Fuploads%2FpF4K7o1QiJhmSW2YzWUO%2Fapi%20keys%204.png?alt=media&#x26;token=974f6dab-d234-4039-bec9-d0c5ebd0f95a" alt=""><figcaption></figcaption></figure></div>

## **Revoking an existing API key**

Revoking an existing API key will cause requests to fail wherever this key is used, but the key remains in your list for future reference. If you're sure that you want to do this, follow the steps below.

**Step 1**\
Log into the [Patchworks dashboard](https://app.wearepatchworks.com/login), then select `general settings` | `API keys` (as shown [above](#generating-api-keys)).

**Step 2**\
Click the ellipses associated with the key to be revoked - for example:

<div align="left"><figure><img src="https://2440044887-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLYNcUBVQwSkOMG6KjZfz%2Fuploads%2FmqIvjzpu53Cc81iyHILt%2Fapi%20key%20options.png?alt=media&#x26;token=535c5be1-6690-4f9a-b1ae-856cd9154c71" alt=""><figcaption></figcaption></figure></div>

**Step 3**\
Select the `revoke` option - for example:

<div align="left"><figure><img src="https://2440044887-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLYNcUBVQwSkOMG6KjZfz%2Fuploads%2FmCTZunRdigHfWCM7z4f4%2Frevoke%20api%20key%201.png?alt=media&#x26;token=1dcd81cf-a7cf-4b79-980b-8f394e3293ad" alt=""><figcaption></figcaption></figure></div>

The key is revoked immediately and the timestamp for this action is displayed in the list of keys - for example:

<figure><img src="https://2440044887-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLYNcUBVQwSkOMG6KjZfz%2Fuploads%2FbfXqPOSQICiWXEN7ZWSK%2Frevoke%20api%20key%202.png?alt=media&#x26;token=dc811806-4651-43a1-99ec-a7ff06d63d45" alt=""><figcaption></figcaption></figure>

## Deleting an existing API key

Deleting an existing API key will cause requests to fail wherever this key is used. Deleted keys are removed entirely, so if you need to keep track of keys issued over time, you may wish to consider the [revoke](#revoking-an-existing-api-key) option instead.&#x20;

If you're sure that you want to delete an API key, follow the steps below.

**Step 1**\
Log into the [Patchworks dashboard](https://app.wearepatchworks.com/login), then select `general settings` | `API keys` (as shown [above](#generating-api-keys)).

**Step 2**\
Click the ellipses associated with the key to be deleted - for example:

<div align="left"><figure><img src="https://2440044887-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLYNcUBVQwSkOMG6KjZfz%2Fuploads%2FmqIvjzpu53Cc81iyHILt%2Fapi%20key%20options.png?alt=media&#x26;token=535c5be1-6690-4f9a-b1ae-856cd9154c71" alt=""><figcaption></figcaption></figure></div>

**Step 3**\
Select the `delete` option - for example:

<div align="left"><figure><img src="https://2440044887-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLYNcUBVQwSkOMG6KjZfz%2Fuploads%2FDa061yZWB9gaIKQ6VjiD%2Fdelete%20api%20key%201.png?alt=media&#x26;token=6b74a3e4-a47e-44af-8387-769d5bff30ab" alt=""><figcaption></figcaption></figure></div>

The key is removed immediately.

## Using API keys

An API key must be passed as an `authorization` value in request headers, for all requests.

<details>

<summary><img src="https://2440044887-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLYNcUBVQwSkOMG6KjZfz%2Fuploads%2FpLMO12yvTCxi9PorCt53%2Ficons8-film.svg?alt=media&#x26;token=e59864bc-2d97-4f98-966c-a083c18e60db" alt="" data-size="line"> Show me</summary>

![](https://2440044887-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLYNcUBVQwSkOMG6KjZfz%2Fuploads%2FfiMU2fSvA6PjN23YjQmx%2Fapi%20keys%20demo.gif?alt=media\&token=c18545d7-bb26-4443-96c6-2109349fca79)

</details>