Skip to main content

API Keys

API keys provide a simple way to authenticate with the Accomplish API. Each API key is associated with your user account and can be configured with specific scopes to control access to different resources.

Authentication Method

The Accomplish API uses HTTP Basic Authentication with your API key as the username. No password is required.

Making Authenticated Requests

Include your API key in the Authorization header using Basic authentication:

curl -u YOUR_API_KEY: https://accomplish.dev/api/v1/projects

Or set the header explicitly:

curl -H "Authorization: Basic $(echo -n 'YOUR_API_KEY:' | base64)" \
  https://accomplish.dev/api/v1/projects

Creating API Keys

  1. Navigate to your account settings in the Accomplish app
  2. Go to SettingsAPI Keys
  3. Click Create New Key
  4. Enter a descriptive name for your API key
  5. Select the appropriate scopes for your use case
  6. Click Create API Key

Your API key will be displayed once. Store it securely as it cannot be retrieved again.

Scopes and Permissions

API keys use a granular scope system to control access to different resources. You can select specific scopes when creating an API key to limit what actions the key can perform.

For a complete list of available scopes and their permissions, see the Authorization documentation.

Best Practices

Security

  • Keep your API keys secure - Never expose them in client-side code or public repositories
  • Use environment variables - Store API keys in environment variables, not in source code
  • Rotate keys regularly - Delete unused keys and create new ones periodically
  • Use minimal scopes - Only grant the minimum permissions required for your use case

Usage

  • Name your keys descriptively - Use names that identify the purpose (e.g., "Production Integration", "Analytics Dashboard")
  • One key per application - Create separate API keys for different applications or environments
  • Monitor usage - Track API key usage to identify potential security issues

Managing API Keys

Viewing Your Keys

You can view and manage your API keys in the Accomplish app under SettingsAPI Keys. This page shows:

  • Key name and creation date
  • Last used timestamp
  • Configured scopes
  • Options to delete keys

Revoking Keys

To revoke an API key:

  1. Go to SettingsAPI Keys in your account settings
  2. Find the key you want to revoke
  3. Click the delete button next to the key
  4. Confirm the deletion

Note: Revoking an API key immediately invalidates it. Any applications using the revoked key will receive authentication errors.