For developers
Generate + rotate API keys
Open /dashboard/developer → New API key. The full secret is shown exactly once.
Creating a key
- Pick a human name you'll recognise in logs ('Zapier integration', 'Mobile app v1').
- Select scopes — only check what the integration actually needs.
- Add an optional note so future-you knows what the key is for.
- Hit Generate. Copy the secret immediately — we never store plaintext.
Rotation
There's no in-place rotation. To rotate: generate a new key, update your client, revoke the old one. Revoked keys remain visible for audit so you can match a log line back to the key that produced it.
Scopes
- read:courses — list courses, lessons, modules
- read:students — list enrolled students + progress
- read:orders — receipt + entitlement history
- read:analytics — aggregate metrics
- write:students — create / update student profiles
- write:enrollments — enrol / revoke access
Never embed a key in a client bundle or mobile app. Those should proxy through your backend, which holds the secret.
Related