Manage API keys
Generate or revoke the API key used to authenticate requests to the DiscountFlow API.
The API tab is where you manage the API key used to authenticate requests to the DiscountFlow GraphQL API. This tab is only available to the organization owner.
Who can access this tab
The API tab is visible only to the organization owner. Other team members, including admins, cannot see or access this tab.
API key status
The tab shows two pieces of information about your current key:
| Field | Description |
|---|---|
| Status | "Active" if a key exists, "No API key generated" if none has been created |
| Last Used | How long ago the key was last used to make an authenticated API request |
Generating an API key
If no key exists, click Generate API Key.
The key is displayed once immediately after generation. Copy it and store it securely — in a password manager or secrets vault — before navigating away. It will not be shown again.
Generating a new key immediately invalidates the previous key. Any integrations or applications using the old key will stop working until updated with the new key.
Revoking an API key
If a key exists, click Revoke API Key. Confirm the action when prompted.
The key is permanently deleted. Any API requests authenticated with the revoked key will immediately return an authentication error. There is no undo — if you need API access again, generate a new key.
Security best practices
- Store the API key in a secrets manager, not in plain text files or environment variable files committed to version control.
- Rotate the key periodically or immediately if you suspect it has been exposed.
- Only give the key to applications and integrations that genuinely require API access.
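A pre-commit style check for the first practice above, as an added example that is not DiscountFlow's own code. Because this page does not document the key's format, it searches git-tracked files for the exact key value and flags tracked env files. The variable name `DISCOUNTFLOW_API_KEY` and all function names are assumptions.

```python
import os
import subprocess
from pathlib import Path

ENV_VAR = "DISCOUNTFLOW_API_KEY"  # assumed name, not taken from the DiscountFlow docs
TEMPLATE_SUFFIXES = (".example", ".sample", ".template")  # placeholder env files


def tracked_files(repo):
    """Files git tracks in `repo`, i.e. what is or will be in version control."""
    out = subprocess.run(
        ["git", "-C", str(repo), "ls-files", "-z"],
        check=True, capture_output=True,
    ).stdout
    return [Path(repo) / p.decode() for p in out.split(b"\0") if p]


def is_env_file(name):
    """True for .env, .env.production, prod.env; False for .env.example etc."""
    if name.endswith(TEMPLATE_SUFFIXES):
        return False
    return name == ".env" or name.startswith(".env.") or name.endswith(".env")


def find_exposures(files, key):
    """Return (path, reason) for each env file or file holding the key value."""
    needle = key.encode()
    findings = []
    for path in map(Path, files):
        if is_env_file(path.name):
            findings.append((str(path), "env file under version control"))
        try:
            data = path.read_bytes()
        except OSError:
            continue  # deleted or unreadable entry; nothing to scan
        if needle and needle in data:
            findings.append((str(path), "contains the live API key"))
    return findings


if __name__ == "__main__":
    # The key comes from the environment so it never appears in argv or history.
    key = os.environ.get(ENV_VAR, "")
    if not key:
        raise SystemExit(f"{ENV_VAR} is not set; inject it from your secrets manager")
    hits = find_exposures(tracked_files("."), key)
    for path, reason in hits:
        print(f"{path}: {reason}")
    raise SystemExit(1 if hits else 0)
```

A non-zero exit means a tracked file exposes the key; treat the key as exposed and rotate it as described above, since removing the file does not remove it from history.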
For more details about our API, see API References.