API Keys
API Keys are used to authenticate programmatic access to the Rynko API. Manage your keys, set permissions, and monitor usage from this page.
API Keys are environment-scoped. Each environment has its own set of API keys, and documents generated with an API key belong to that environment. You must have an environment selected to manage API keys.
Learn more about Projects & Environments.
Overview
API keys allow your applications to interact with Rynko without requiring user login. Each key can have specific permissions and usage limits. Because API keys are scoped to an environment, you can maintain separate keys for different projects, stages, or clients.
Creating an API Key
- Click Create New API Key button
- Enter a descriptive name (e.g., "Production Server", "Testing App")
- Select permissions:
- ✅ Generate Documents
- ✅ Manage Templates
- ✅ View Analytics
- ✅ Manage Project
- Optionally set expiration date
- Click Create Key
⚠️ Important: Copy your API key immediately! You won't be able to see it again for security reasons.
API Key Format
fm_abc123xyz456...
All API keys use the fm_ prefix followed by a secure random string.
Permissions
Generate Documents
- Generate documents via API
- Required for document generation operations
Manage Templates
- Create, update, delete templates
- Publish/unpublish templates
View Analytics
- Access document generation metrics
- Generate reports
Manage Project
- Invite project members
- Update roles and permissions
Best Practices
- Use descriptive names: Identify keys by purpose or application
- Rotate regularly: Change keys every 90 days
- Limit permissions: Grant only necessary permissions
- Separate keys per environment: Use different keys for dev, staging, production
- Monitor usage: Check API activity regularly
- Revoke unused keys: Delete keys no longer in use
Security
- Never commit keys to Git: Use environment variables
- Store securely: Use secret management tools
- Monitor unauthorized use: Check activity logs
- Revoke compromised keys: Immediately delete if exposed
Using API Keys
In Code (Node.js)
const response = await fetch('https://api.rynko.dev/api/v1/documents/generate', {
headers: {
'Authorization': 'Bearer fm_abc123...',
'Content-Type': 'application/json'
}
});
In Environment Variables
# .env
RYNKO_API_KEY=fm_abc123xyz456...
Monitoring Usage
Each API key displays:
- Total requests: Number of API calls made
- Last used: Timestamp of last usage
- Status: Active or Revoked
Revoking Keys
To revoke an API key:
- Find the key in the list
- Click Revoke button
- Confirm revocation
- Key becomes invalid immediately
Note: Applications using revoked keys will receive 401 Unauthorized errors.
Rate Limiting
API requests are subject to rate limits based on the authentication type used:
| Auth Type | Requests/minute |
|---|---|
| API Key | 100 |
| OAuth | 120 |
| JWT (Dashboard) | 200 |
| Unauthenticated | 30 |
Environment Isolation
API keys are isolated by environment:
- Separate by Client: Create different environments for different clients or projects, each with their own API keys
- Separate by Stage: Use different environments (and API keys) for development, staging, and production
- Access Control: Project members only see API keys for environments they have access to
When you switch environments, you'll see a different set of API keys. This ensures complete isolation between projects.
Need help? Contact support@rynko.dev or check our API Reference