← Back to glossary
IntegrationsUpdated 2026-07-06

API key

A secret token that identifies and authorizes an application when it calls an API, granting whatever access the key is configured to allow.

In more detail

An API key is a secret string that a caller includes with its requests to prove who it is and that it is allowed to call the API. It is the simplest form of programmatic authentication: whoever holds the key can act with its permissions, which makes keys easy to use and important to protect.

Compared with OAuth, an API key is simpler but blunter. It often carries broad access, does not by itself represent a specific user's scoped consent, and is only as safe as the place it is stored. Sound practice is to store keys as secrets, grant them the least access needed, and rotate them periodically.

Where this shows up at Ceven

Where a connected tool authenticates with an API key rather than OAuth, Ceven handles that credential as a stored secret used to act on the customer's behalf. As with any access, the actions taken are scoped to what the workflow needs and recorded in the audit trail, so the use of the credential stays visible.

Related terms

See it in production.

Start free