API Keys
Manage API keys to control access to the Offly API.
Where to find API keys
API keys are managed in the Offly app under Settings → API Keys. Only users with the Owner or Admin role can create, view, and manage API keys.
Key properties
| Field | Description |
|---|---|
| Name | A descriptive label for the key (e.g. "Production API") |
| Scopes | Permissions granted to the key (e.g. read:users, write:leave-requests) |
| Created | Date and time the key was created |
| Last used | Date and time of the most recent API call with this key |
Creating a key
- Go to Settings → API Keys
- Click Create API Key
- Enter a descriptive name
- Select the scopes your integration needs
- Click Create
- Copy the key immediately — it won't be shown again
offly_sk_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6Rotating a key
To rotate a key without downtime: create a new key, update your integration to use the new key, verify it works, then revoke the old key. There is no automatic rotation — this ensures you stay in control of the transition.
Revoking a key
Click the Revoke button next to any key in Settings → API Keys. The key will immediately stop working and cannot be restored. Any active integrations using this key will begin receiving 401 Unauthorized responses.
Permissions
Only Owners and Admins can create, view, and revoke API keys. Members and other roles do not have access to the API Keys settings page.