Administration

API keys

Create and revoke keys that let other systems work with RakerOne.
View as Markdown

An API key is a credential that lets an outside system — a script, an integration, or another app — work with RakerOne on its own. The key is not a person. It carries its own permissions and acts as its own identity, and the things it does are recorded under its name.

Use an API key when you want another system to do something in RakerOne without a person clicking through the app — for example, a service that starts a playbook run from a webhook, or a tool that pushes records in.

The whole Admin group, including this page, is admin-only. If you don’t see it, ask an admin.

The API keys page

Open Admin → API keys in the sidebar. The page lists every key in your organization.

Each row shows:

  • Name — what the key is for.
  • Permissions — small badges for what the key can do. A key that can act as a user shows a Can impersonate badge; a key with no permissions shows No permissions.
  • Last used — when the key last called RakerOne, or Never if it hasn’t yet.
  • Created — when the key was made.
  • A Revoke button.

If there are no keys yet, you’ll see No API keys yet with a prompt to create one.

The badges show which permissions a key has, not what each one means. For the meaning of every permission, see Roles and permissions. Give a key only the permissions it actually needs.

Create a key

1

Open the create dialog

On the API keys page, click Create API key in the top right.

2

Name the key

Enter a Name that says what the key is for — for example, “Data import service.” The name is how you’ll recognize the key in the table and how its actions are recorded, so make it descriptive.

3

Pick its permissions

Under Permissions, tick only the capabilities this key needs. Each checkbox maps to one capability — the same capabilities described in Roles and permissions. Grant the fewest you can; you can always create a separate key for a different job.

4

Decide on impersonation (optional)

Leave Can impersonate users off unless you specifically need it. When it’s on, the key can act on behalf of a named user, and those actions are recorded under that person instead of the key.

5

Create the key

Click Create key. The dialog moves to a second screen showing the key value.

Copy the key now

After you create a key, RakerOne shows you the full value once, on a screen titled Copy your API key.

This is the only time you’ll see the full key. RakerOne can’t show it to you again. Click Copy and store the key somewhere safe before you close the dialog. If you lose it, you’ll have to revoke the key and create a new one.

On this screen, click Copy (it changes to Copied), paste the key into your secure store, then click Done to close. Clicking outside the dialog won’t close it here — that’s deliberate, so you don’t lose an uncopied key by accident.

Revoke a key

Revoke a key when it’s no longer needed or might be exposed. Revoking takes effect at once.

1

Click Revoke

On the API keys table, click Revoke on the key’s row.

2

Confirm

A dialog asks Revoke this API key? and warns that any system using the key will immediately lose access. Click Revoke key to confirm, or Cancel to keep it.

Revoking is immediate and permanent. Any integration using that key stops working right away, and the key can’t be brought back. If you only meant to rotate the key, create the new one first, switch your integration over to it, then revoke the old one.

You can’t look up a key’s value again — RakerOne never stores it in a way you can read. If a key is lost or you suspect it’s been exposed, revoke it and create a fresh one. Update any system that used the old key with the new value.

Where to go next

Roles and permissions

See what each permission lets a key (or a person) do.

Triggers

Start playbook runs automatically from an outside system.