Manage Secret API Keys

In this guide, you’ll learn how to create and manage secret API keys in the admin.

Note: This section is mainly useful for developers and technical teams building custom integrations or applications.


What is a Secret API Key?

A secret API key is an authentication token that allows access to the Admin APIs.
You can include it in request headers to authenticate as an admin user.

⚠️ Important: Never expose your secret API key in client-side code or public repositories. It provides full access to your store’s data and operations.

Refer to the API Reference for details on how to pass the secret API key in request headers.


View Secret API Keys

To view your secret API keys:

  1. Go to Settings → Secret API Keys.
  2. You’ll see a list of all secret API keys belonging to the currently logged-in user.
    You can search, filter, or sort the list to find a specific key.

Create Secret API Key

Each user can have one active secret API key at a time.
If you already have one, you’ll need to revoke it before creating a new one.

To create a new secret API key:

  1. Go to Settings → Secret API Keys.
  2. Click Create in the top-right corner.
  3. In the form that opens:
    • Enter a title for the key.
  4. Click Save.

A pop-up will display the new secret API key.
Copy it and store it securely — you won’t be able to view it again.


View Secret API Key Details

To view the details of a secret API key:

  1. Go to Settings → Secret API Keys.
  2. Click on a key from the list.

This opens the details page for that key, where you can manage it.


Secret API Key Status

The status of each key appears in the header of its details page.

Status     Description
Active     The key is active and can be used in authenticated API requests.
Revoked    The key has been revoked and can no longer be used.

Edit Secret API Key

To edit a secret API key’s title:

  1. Open the key’s details page.
  2. Click the ⋮ (three dots) in the first section’s header.
  3. Choose Edit from the dropdown.
  4. In the side panel that opens, update the title.
  5. Click Save.

Revoke Secret API Key

⚠️ Warning: Revoking a secret API key is irreversible.
Once revoked, it cannot be used again or reactivated.

To revoke a secret API key:

  1. Go to the key’s details page.
  2. Click the ⋮ (three dots) in the first section’s header.
  3. Choose Revoke API key from the dropdown.
  4. Confirm by clicking Revoke API key in the pop-up.

Delete Secret API Key

⚠️ Warning: Deleting a secret API key is irreversible.
You can only delete a key after it has been revoked.

To delete a secret API key:

  1. Go to the key’s details page.
  2. Click the ⋮ (three dots) in the first section’s header.
  3. Choose Delete from the dropdown.
  4. Confirm deletion by clicking Delete in the confirmation pop-up.
