Create a key
Open API settings
Go to Settings → API in the Klipy app.
Choose scopes
Select exactly the scopes the integration needs, for example
contacts:read and deals:write. There is no ALL scope — a key can only do what it’s explicitly granted.Choose an access level
- Organization-wide — reads and writes any record in the organization. Use this for server-to-server integrations acting on behalf of the whole team.
- User-bound — scoped to one user’s own records. Use this when the integration should only ever see what that specific user can see.
Rotate a key
Rotating a key issues a new secret on the same key record — the scopes and access level are preserved, only the secret changes. The previous secret keeps working for a short grace window after rotation, so you can update a running integration without downtime: deploy the new key, confirm it works, then the old one stops resolving once the grace window ends.Revoke a key
Revoking a key immediately stops it from authenticating — any request using it returns401. The key record itself is kept (not deleted) so past API activity remains attributable in your audit history.
Key lifecycle summary
| State | Behavior |
|---|---|
active | Authenticates normally. |
| Rotated | Old secret works until the grace window ends; new secret works immediately. |
expired | If the key has an expiry set and it has passed, requests return 401. |
revoked | Requests return 401. Cannot be reactivated — issue a new key instead. |
Related topics
- Introduction — scopes, access levels, and the envelope format.
- Migrating from v1 — what changed from v1’s key system.