API Keys

Secure authentication for integrations and OpenConnect workflows

What are API Keys?

API Keys are secure authentication tokens that allow external applications and services to connect with the OpenMethods platform. They enable programmatic access to trigger experiences, automate workflows, and integrate with other platforms.

Primary Use Case: OpenConnect Integration

API Keys enable the OpenConnect platform to trigger PopFlow experiences programmatically. This allows you to:

  • Automatically launch customer journeys based on real-time events
  • Create personalized experiences triggered by your CRM or marketing tools
  • Execute multi-channel engagement flows via REST API
  • Integrate the platform with your existing tech stack

Getting Started

Access the API Keys Dashboard

Navigate to Configuration → API Keys from the main menu to access the API Keys dashboard.

API Keys Dashboard

API Keys dashboard showing existing keys and management options

From the dashboard, you can view all your API keys, see their status, and access management features through the action buttons.

Creating a New API Key

Follow these steps to generate a new API key:

1

Click "Generate New Key"

Locate the "Generate New Key" button in the top-right area of the dashboard and click it to open the creation wizard.

2

Fill in Key Details

The creation form will appear. Complete the following fields:

  • API Key Name (required) - A descriptive name like "OpenConnect Production"
  • Description (optional) - Notes about the key's purpose or usage
  • Key Type (required) - Select the appropriate access level for your integration
API Key Creation Form

API Key creation wizard with required fields

3

Select Key Type

Click the "Select a Key Type" dropdown to choose the appropriate permission level for your needs.

Key Type Selection

Selecting the appropriate key type and access level

4

Configure Security (Optional)

For enhanced security, configure the Domain Allow-List to restrict which domains can use this API key. This is recommended for production environments.

5

Create the Key

Review your settings and click "Create API Key" to generate your new key.

Securing Your API Key

⚠️ Important: One-Time Display The complete API key will only be shown once immediately after creation. Make sure to copy and save it securely before closing the success dialog.
API Key Created Successfully

Success screen displaying your new API key (shown only once)

Best Practices for API Key Security

  • Copy the API key immediately and store it in a secure password manager or secrets vault
  • Never share API keys via email, chat, or commit them to version control (Git)
  • Use environment variables when deploying applications that use API keys
  • Configure Domain Allow-Lists to restrict where the key can be used
  • Regularly review and rotate keys, especially if team members leave
  • Revoke any keys that may have been compromised immediately
💡 Tip: Copy to Clipboard Use the copy button in the success dialog to quickly copy the API key to your clipboard without manually selecting the text.

Using Your API Key with OpenConnect

Integration Setup

Once you have your API key, you can integrate it with OpenConnect to trigger PopFlow experiences:

1

Access OpenConnect Settings

Click the "Setup Integration" button from the API Keys dashboard, or navigate directly to OpenConnect configuration.

Setup Integration

OpenConnect integration setup interface

2

Configure the Connection

Add your API key to the OpenConnect connection settings. This establishes secure authentication between OpenConnect and the platform.

3

Test the Connection

Use OpenConnect's test feature to verify the API key is working correctly before deploying to production.

4

Trigger Experiences

OpenConnect can now trigger PopFlow experiences programmatically using REST API calls with your authenticated API key.

Managing Your API Keys

View All Keys

The API Keys dashboard displays all your keys in a table format showing key name, description, allowed domains, creation date, creator, and key type.

Viewing Activity

Click "View Audit Trail" to see a complete history of all API key operations including creation, modifications, and usage events.

Audit Trail

Comprehensive audit trail showing all API key activity

Editing a Key

You can update the following properties of an existing API key:

  • Name - Update to reflect current usage
  • Description - Add or modify notes about the key's purpose
  • Domain Allow-List - Add or remove allowed domains
Note: You cannot view or recover the actual API key token after creation. If you lose it, you must create a new key and update your integrations.

Revoking a Key

If you need to disable an API key (for security reasons, or if it's no longer needed), you can revoke it from the actions menu. Revoked keys immediately stop working and cannot be reactivated.

⚠️ Important: Revoking a key is permanent. Any applications or services using the revoked key will immediately lose access. Make sure to update your integrations before revoking.

Common Use Cases

1. OpenConnect Integration for Customer Journeys

The most common use case: Create an API key for OpenConnect to trigger PopFlow experiences based on customer behavior, CRM events, or marketing automation triggers.

2. Third-Party Application Access

Grant controlled access to external applications that need to interact with platform APIs without sharing user credentials.

3. Automated Testing

Generate dedicated API keys for automated testing environments to validate integrations without affecting production keys.

4. Partner Integrations

Provide API keys to trusted partners for specific integration projects, with appropriate access controls and domain restrictions.

Troubleshooting

API Key Not Working

  • Verify the key hasn't been revoked in the dashboard
  • Check that your request is coming from an allowed domain (if Domain Allow-List is configured)
  • Ensure you're using the correct key type for your operation
  • Verify the API key is being sent correctly in the Authorization header

Lost API Key

If you've lost your API key, you cannot recover it. You must:

  1. Generate a new API key with the same settings
  2. Update all applications and services to use the new key
  3. Test the new key in all integrations
  4. Revoke the old key once migration is complete