Create an API key
1
Open Integrations
In the Retainful dashboard, go to Integrations and open (or create) the integration your system represents — for a bespoke backend, create a custom app.
2
Generate the key
Click Create API key. Copy it immediately and store it in your secrets manager — treat it like a password.
Use the key
Send it on every request in theX-API-Key header:
Retainful-api-key is accepted as an alias.
Requests without a valid key receive 401 Unauthorized.
Key hygiene
- Server-side only. Never ship an API key in browser JavaScript or a mobile app — anyone can read it there. Calls from your storefront should go through your own backend.
- One key per system. Give your CRM sync and your booking platform separate keys, so you can rotate or revoke one without breaking the other.
- Rotate on departure. If someone with access to the key leaves, revoke it from Integrations → your app → API keys and issue a new one.
- Environment variables, not source code. Keys in git history live forever.
Revoking
Revoke any key from the same place you created it. Revocation is immediate — in-flight systems using the key start receiving401s on their next request.