![new_rasa_io-mark.png]](https://help.rasa.io/hs-fs/hubfs/new_rasa_io-mark.png?width=50&height=50&name=new_rasa_io-mark.png)
API Keys
If you or your developer team are building a custom integration with rasa.io, you'll need API keys. This article gives a high-level overview.
If you or your developer team are building a custom integration with rasa.io, you'll need API keys. This article gives a high-level overview.
What API keys are for
API keys let external systems make authorized requests to the rasa.io API. Common use cases:
- Custom sign-up flows on your website (without using rasa.io's embedded forms)
- Programmatically adding contacts from your application
- Pulling analytics data into another system
- Building custom integrations beyond what's offered in Settings → Integrations
Who this is for
API keys are developer-targeted. If you're not building a custom integration, you don't need to worry about this page.
If you have a developer who wants to integrate with rasa.io, send them to Settings → API Keys to generate the credentials they need.
How to create a key
Go to Settings → API Keys and click + Create API Key. Follow the prompts to set up the key.
⚠️ Store API keys securely. Treat them like passwords:
- Don't commit them to source code repositories
- Don't share them via email or chat
- Use environment variables or secret managers in your applications
- Rotate keys periodically
If a key is compromised
If you think a key has been exposed (accidentally committed to a public repo, shared with the wrong person, etc.):
- Go to Settings → API Keys
- Revoke the compromised key immediately
- Create a new key for your application
- Update your application with the new key
Need API documentation?
For technical details on what the rasa.io API can do, contact support@rasa.io. We can connect your developer with the right resources.
What's next
- Integrations — pre-built integrations that don't require API keys
- Sign-up forms and webhooks — alternative ways to capture sign-ups