Generate an API key
Open Settings
In the Connectly inbox, click Settings in the left sidebar, then select the General tab. Scroll down to the API Key and Webhook Secret section and click Create API Key.
Name your key
Give the key a descriptive name so you can identify it later β for example,
Production Backend or Integration.Select scopes
Choose which permissions this key should have. If no scopes are selected, the key has full access to all operations.
| Scope | What it allows |
|---|---|
ai.manage | Manage AI tools and internal diagnostics |
campaign.manage | Manage campaigns, templates, flows, automations, and audiences |
commerce.manage | Manage orders, checkouts, billing, and delivery controls |
conversation.manage | Manage rooms, inbox actions, tickets, and tags |
customer.manage | Manage customer records and profile data |
key.manage | Create, revoke, and manage API keys |
messaging.send | Send outbound messages and campaigns |
system.manage | Perform privileged internal system operations |
workspace.manage | Manage business, channels, users, teams, and integrations |
Set an expiration (optional)
By default, keys have no expiration. If you want the key to automatically expire β for example, for a temporary integration or a contractor β select an expiration period from the dropdown.
Use your API key
Include the key in theX-API-Key header on every request to the Connectly API:
X-API-Key header returns an ERROR_TYPE_AUTHENTICATION error.
Manage existing keys
From Settings β General β API Key and Webhook Secret you can view all keys associated with your account, see their names, scopes, and expiration dates, and revoke any key that is no longer needed.Security best practices
- Never expose your API key client-side β donβt include it in frontend JavaScript, mobile apps, or public repositories.
- Use scoped keys β restrict each key to only the permissions it needs.
- Rotate keys regularly β especially after team member offboarding or if you suspect a key has been compromised.
- Set expiration dates for temporary integrations or external collaborators.
- Store keys in a secrets manager β use a tool like AWS Secrets Manager, HashiCorp Vault, or a password manager rather than hardcoding keys in config files.
