Create and scope an API key

Go to API keys, create a key, label it for where it will be used ("website signup form", "CRM sync"). The secret is shown once. Store it somewhere safe; you cannot read it again, only roll it.

Keys are scoped to the organisation, not to you. If you leave the organisation, the key keeps working. Roll or delete keys when a person or integration goes away.

Rate limit is 60 requests per minute per key by default, higher on larger plans.