API Keys

API keys are managed through the AttractOS dashboard, not via API. Create, name, and revoke keys at Settings > API Keys. Each key provides full access to your account's data via the REST API and has its own rate limit counter.

Creating an API Key

  1. Log in to attractos.com/dashboard
  2. Go to Settings in the sidebar
  3. Click API Keys
  4. Click Generate New Key
  5. Enter a name (e.g., "Production Server", "Analytics Dashboard")
  6. Copy the key immediately—it won't be shown again
Important: The full API key is only displayed once at creation time. Store it securely in your password manager or environment variables.

Key Format

API keys are random 32-character strings. They do not contain any encoded information about your account or permissions. 

Example: a4b7c9d2e5f8g1h3i6j9k2l5m8n1o4p7

Don't confuse API keys with site keys:

  • API key — For REST API authentication (keep secret)
  • Site key — For tracking script (ak_..., safe to expose)

Managing Keys

Viewing Keys

The dashboard shows all your API keys with:

  • Name — The label you assigned
  • Last 4 characters — For identification (e.g., "...1o4p7")
  • Created date — When the key was generated
  • Last used — Most recent API request (if available)

Revoking Keys

  1. Go to Settings > API Keys
  2. Find the key to revoke
  3. Click the Revoke button
  4. Confirm the action

Revoked keys stop working immediately. Any requests using that key will receive 401 INVALID_KEY errors.

Security Best Practices

🔐

Never commit keys to git

Use environment variables or secrets management. Add .env to .gitignore.

🔄

Rotate keys periodically

Create a new key, update your apps, then revoke the old one. Do this every 90 days.

🏷️

Use descriptive names

Name keys by environment/purpose: "Production API", "Staging", "Analytics Script".

🚫

One key per environment

Don't share keys between dev/staging/production. This limits blast radius if compromised.

Key Limits by Plan

Plan Max Keys Rate Limit (per key)
Free 3 60 requests/min
Pro 10 600 requests/min

Rate limits are tracked independently per key. If you have 3 keys on Free, each can make 60 requests/minute (180 total across all keys).

Frequently Asked Questions

How many API keys can I have?
Free accounts can have up to 3 API keys. Pro accounts can have up to 10 API keys.
Can I see my API key after creating it?
No. For security reasons, the full API key is only shown once during creation. If you lose it, you'll need to create a new key.
What happens to requests when I revoke a key?
Requests using a revoked key immediately receive 401 INVALID_KEY errors. Make sure to update your applications before revoking keys.
Is there an API for managing API keys?
Not currently. API keys are managed through the dashboard UI. This is intentional to prevent key-sprawl and security issues.
Bot Traffic by AttractOS