API Keys
API Keys are used to authenticate programmatic access to the Rynko API. Manage your keys, set permissions, and monitor usage from this page.
API Keys are workspace-scoped. Each workspace has its own set of API keys, and documents generated with an API key belong to that workspace. You must have a workspace selected to manage API keys.
Learn more about Teams & Workspaces.
Overview
API keys allow your applications to interact with Rynko without requiring user login. Each key can have specific permissions and usage limits. Because API keys are scoped to a workspace, you can maintain separate keys for different projects, environments, or clients.
Creating an API Key
- Click Create New API Key button
- Enter a descriptive name (e.g., "Production Server", "Testing App")
- Select permissions:
- ✅ Generate Documents
- ✅ Manage Templates
- ✅ View Analytics
- ✅ Manage Team
- Optionally set expiration date
- Click Create Key
⚠️ Important: Copy your API key immediately! You won't be able to see it again for security reasons.
API Key Format
rd_sk_abc123xyz456...
All API keys use the rd_sk_ prefix followed by a secure random string.
Permissions
Generate Documents
- Generate documents via API
- Required for document generation operations
Manage Templates
- Create, update, delete templates
- Publish/unpublish templates
View Analytics
- Access document generation metrics
- Generate reports
Manage Team
- Invite team members
- Update roles and permissions
Best Practices
- Use descriptive names: Identify keys by purpose or application
- Rotate regularly: Change keys every 90 days
- Limit permissions: Grant only necessary permissions
- Separate keys per environment: Use different keys for dev, staging, production
- Monitor usage: Check API activity regularly
- Revoke unused keys: Delete keys no longer in use
Security
- Never commit keys to Git: Use environment variables
- Store securely: Use secret management tools
- Monitor unauthorized use: Check activity logs
- Revoke compromised keys: Immediately delete if exposed
Using API Keys
In Code (Node.js)
const response = await fetch('https://api.rynko.dev/api/v1/documents/generate', {
headers: {
'Authorization': 'Bearer rd_sk_abc123...',
'Content-Type': 'application/json'
}
});
In Environment Variables
# .env
RYNKO_API_KEY=rd_sk_abc123xyz456...
Monitoring Usage
Each API key displays:
- Total requests: Number of API calls made
- Last used: Timestamp of last usage
- Status: Active or Revoked
Revoking Keys
To revoke an API key:
- Find the key in the list
- Click Revoke button
- Confirm revocation
- Key becomes invalid immediately
Note: Applications using revoked keys will receive 401 Unauthorized errors.
Rate Limiting
API keys are subject to rate limits based on your plan:
| Plan | Requests/minute |
|---|---|
| Free | 60 |
| Starter | 300 |
| Pro | 1,000 |
| Enterprise | Custom |
Workspace Isolation
API keys are isolated by workspace:
- Separate by Project: Create different workspaces for different clients or projects, each with their own API keys
- Separate by Environment: Use different workspaces (and API keys) for development, staging, and production
- Access Control: Team members only see API keys for workspaces they have access to
When you switch workspaces, you'll see a different set of API keys. This ensures complete isolation between projects.
Need help? Contact support@rynko.dev or check our API Reference