Skip to content
SocialMate
Knowledge base Developer API & automation

API authentication & keys

Create, label, copy, and revoke API keys — each hashed, scoped, and rate-limited.

1 min read Updated July 14, 2026

The API uses x-api-key authentication. Keys are stored SHA-256 hashed (never in the clear), carry per-key permissions, and are individually rate-limited.

API-key management — create, label, copy, and revoke keys.
API-key management — create, label, copy, and revoke keys.

Managing keys

  1. In Settings → API (or the API page), click Create key and give it a label (e.g. “n8n”, “shipping-service”).
  2. Copy it once — you’ll only see the full value at creation.
  3. Send it as the x-api-key header on every request.
  4. Revoke a key any time; revocation is immediate.

Tip. Use one key per integration and label it clearly. If a key leaks, revoke just that one without disrupting your other automations.

Keep keys secret. Treat an API key like a password. Store it in your automation’s secret store or environment variables, never in client-side code or a public repo.

Was this helpful?

Still stuck — open a ticket · Back to all articles

Free forever · no card Download free