API Keys

Create an API key so a script or service can access your own Apptoto account through the Apptoto API.

An API key is a secret token that stands in for your password when a program signs in to the Apptoto API. Several integrations ask for one — for example, the SQL Database connector and Zapier both authenticate with your username and an API key rather than your password, which is more stable and lets you revoke access without changing your login.

Use an API key when you only need access to your own account. If you are building an app that other people will authorize against their accounts, register an OAuth Application instead.

Create an API key

1. Open API Keys — Navigate to Settings > Integrations > Developer Tools > API Keys.

2. Click “Add API Key” — A short form opens.

3. Fill in the details:

   • Enabled — Leave this on. Turn it off to temporarily disable the key without deleting it.
   • Name — A friendly name so you can recognize the key later (for example, “Zapier” or “Nightly sync script”). Required.
   • Description — Optional notes about what the key is for.

4. Click “Create” — Apptoto generates the key and returns you to the list. Your new key now has an API Key value you can copy.

5. Copy the key — Click the copy icon next to the key value (in the list, or on the key’s settings screen) and paste it into the service that needs it.

Manage your keys

The API Keys list shows every key on your account:

Column	What it shows
Name	The friendly name you gave the key.
Description	Your optional notes.
Enabled	Whether the key currently works. A disabled key is rejected until you turn it back on.
API Key	The key value, with a copy button.
Date Created	When the key was created.
Actions	A gear icon that opens the key’s settings to rename, enable/disable, or delete it.

To change a key, click the gear icon in the Actions column. From there you can rename it, toggle Enabled, copy the key value, or click Delete to remove it.

Caution

Treat an API key like a password. Anyone who has it can access your account through the API. If a key is ever exposed, open its settings and delete it — any service still using it will stop working immediately, so swap in a fresh key.

Use your key with the API

Most integrations that accept an API key ask for your Apptoto username and the API key in place of your password. Drop the key into whatever field the service labels “API Key” or “Password”, alongside your account email.

For the full list of endpoints and request formats, see the Apptoto API reference at apidocs.apptoto.com.

Related

• OAuth Applications — register an app that other Apptoto users can authorize against their own accounts.
• MCP Server — connect Apptoto to an AI assistant such as Claude or ChatGPT.
• Authorized Applications — review and revoke applications that have access to your account.