API Key Management
API keys give your systems programmatic access to Ciklek data.
Enterprise plan required. API keys are not available on Starter or Professional plans.
Creating an API Key
- Go to Portal → Settings → API Keys
- Click New API Key
- Enter a descriptive name (e.g. "ERP Integration", "Inventory Webhook Consumer")
- Select the scopes needed (principle of least privilege — only grant what's needed)
- Click Create
⚠️ Copy the key immediately. It is shown only once. After leaving the page,
only the key prefix is visible (e.g. bsk_live_abc...).
Available Scopes
| Scope | Permission |
|-------|-----------|
| parts:read | Read parts and service history |
| parts:write | Create and update parts |
| orders:read | Read orders and timelines |
| orders:write | Create orders |
| invoices:read | Read invoices and line items |
| webhooks:write | Create and manage webhook endpoints |
Key Format
bsk_live_<40 hex chars>
bsk_live_prefix for production keysbsk_test_prefix for sandbox keys (when sandbox environment is available)
Rotating a Key
If a key is compromised:
- Portal → Settings → API Keys → find the key → Revoke
- Create a new key with the same scopes
- Update the new key in your integration
- Old key is immediately invalidated
Security Best Practices
- Never commit API keys to source control. Use environment variables.
- Store keys in a secrets manager (AWS Secrets Manager, HashiCorp Vault, 1Password Secrets Automation).
- Rotate keys every 90 days.
- Use separate keys per integration — makes revocation surgical.
- Monitor
last_used_atin the key list — unused keys should be revoked.
Key Usage Tracking
The API Keys list shows last_used_at for each key. If a key hasn't been used in
30+ days, consider revoking it.