Skip to main content

API keys and external system access

The API keys screen is the actual place where you manage API access for external systems.

When to use this page

when a CRM, website, mobile app, or another external system needs API access to your data;
when you want to give different access levels to different external systems;
when you need to stop, limit, or remove existing API access.

Access

Open Integrations.
Select API keys.

What you see in the list

Name
Expires at (or Never)
Active
Actions: Edit API key, Delete API key

Create a new key

Select New API Key.
Fill in Name (required), Expires at (optional), Active, and Select permissions.
Select Create.
Securely store the displayed token and provide it to the external system.

What each field means

Name is your internal label for the key.
Expires at defines when the key should stop working. If left empty, the key has no expiration.
Active lets you stop or allow access without deleting the key.
Select permissions defines which resources and actions will be available through this key.

How permissions work

Permissions are selected separately for each key.
The key can access only the resources and actions you have allowed.
If access should be more limited, create a separate key with fewer permissions.

How to manage an existing key

use Edit API key when you need to change the name, expiration, status, or permissions;
disable Active if you want to stop access temporarily;
use Delete API key if the integration no longer needs access.

How API access works

The external system uses the token as Authorization: Bearer <api-key>.
Access depends on the key being active, not expired, and having the required permissions.
The business must also have the external_connectivity feature active in its subscription.

What is available in the current product

JSON:API v2 supports API key access.
The public v2 specification documents resources such as services, available slots, appointments, working hours, installments, and payments.
If external_connectivity is not active, some requests can return 402 Payment Required.

Critical security note

After creation, the system shows API Access token in a dedicated modal.
This token is shown once only. After closing the modal, it cannot be viewed again.
Store the token securely and do not share it.

What is not available in the current UI

Logs is present in the menu but currently disabled in the UI.
If you edit an existing key, the system does not show the previous token again. The token display is only part of creation.
There is no dedicated webhook setup screen in the Business UI.

When to use this page
Access
What you see in the list
Create a new key
What each field means
How permissions work
How to manage an existing key
How API access works
What is available in the current product
Critical security note
What is not available in the current UI
Related topics