An API key is a secret token which you can use to connect Close.io data to third-party applications (like Zapier) or your own internal system.
To create a new API key, go to “Settings” → “Your API Keys” and click “+ New API Key”
Make sure to give your new API key an informative name so that you’ll be able to easily tell which key is used for which integration. Once done, you’ll be given the newly-generated API key, which you should copy and store securely. This key will not be displayed ever again (only the key's ID will be shown), so make sure to copy it.
API keys vs IDs
An API key is a secret token, which is used to authenticate your requests to the Close.io API. It should be kept private and stored securely. On the other hand, an ID of an API key is just an identifier. It is safe to share.
Don’t be confused by the similarity between the two. For example:
API key ID: “api_7b8KOSMa0OevK9qJvT6F9s”
API key: “api_7b8KOSMa0OevK9qJvT6F9s.2H3Bt8ktGaQ9kVK45P7j7p”
The API key contains the ID, but it also contains a second secret part. Don’t ever share the full API key!
To delete an API key, go to “Settings” → “Your API Keys”, and click on the “…” next to the API key you’d like to delete.
Note that deleting an API key will immediately cut off access to Close.io data from any integration using that key. You will not be able to restore a deleted API key.
The best way to keep track of your API keys is to give them informative names and to use a separate API key for every integration. However, if that’s not enough, we provide you with some powerful clues that can help you determine what a specific API key is used for. Hover over the “Last Used” column and we will show you a) when the API key was used last, b) from what IP address, and c) with what User Agent:
API keys are a great way to connect Close.io to your favorite applications or your own internal system. However, with great power comes great responsibility. API keys can read and modify all of your CRM data and should be handled very carefully.
You should always store your API keys securely and you should never share them with parties you don’t trust. It is also recommended that you periodically create new API keys, update your integration(s), and delete the old API keys. This practice is typically referred to as “rotating” your API keys.