Generate an API key

How to generate an API key

In order to generate an API key for your workspace, you must be an admin. If you're not an admin for your workspace, you can ask an admin to complete the following steps:

• From the dropdown beside your workspace name, click Workspace settings

• Click the Developers tab

• Click Create a new integration

• Give your integration a name, plus an optional description and avatar

• Set the appropriate Scopes for the integration

• Treat access tokens like passwords - they contain sensitive information. Learn more about keeping your data safe

Once you've created a new integration, click the Access tokens dropdown to manage your access tokens. You can copy existing tokens to your clipboard, or add new ones. 

Fine-tune the settings for your integration using the Scopes, OAuth, and Webhooks dropdowns.

To make changes to your integrations or delete them, you can always return to the Developers tab in Workspace settings. Learn more about using Attio's API.

Keeping your data safe

Your API keys should be treated as highly sensitive information - think of a token like a password. You should only give tokens to services you fully trust.

Scopes should be used to limit how much access a token has to your Attio data. Use the Scopes dropdown when configuring an integration to fine-tune its access.

If leaked, tokens could be used maliciously - they can provide someone with access to all of your Attio data. If you suspect a token has been compromised, revoke it and replace it with a new one.

Revoke an access token

Workspace admins can permanently revoke access tokens from the Developers tab of Workspace settings.

To revoke a token, click on the ⋮ icon beside the integration name. Click Manage integration from the dropdown. Next click the ▾ icon beside Access tokens. Locate the token you wish to revoke and click the trash can icon beside it to permanently delete it.