API Keys
An administrator creates API keys from Settings > API Settings in VisaFlo. Give each key a clear integration name, such as HubSpot production or Intake webhook.
The key belongs to the workspace where it was created. VisaFlo uses it to determine which leads, clients, cases, files, tasks, notes, and workflows the request can access.
Send the Key
Send the key on every workspace API request using X-API-Key.
Do not use Authorization: Bearer for this API. Bearer tokens are used by other VisaFlo product surfaces and do not authenticate workspace API requests.
Keep Keys Safe
- Store keys in a secret manager or encrypted environment variable.
- Do not put a key in browser code, a client-side extension, or a public repository.
- Use one key per integration and environment.
- Revoke a key immediately when an integration is retired or a key may have leaked.
Errors
VisaFlo only displays a newly generated key once. Save it before closing the confirmation dialog.