Skip to Content
Getting StartedAPI Keys

API Keys

API keys authenticate every request you make to the Signus API. Keys are scoped to the workspace they’re created in.

Access to the Developer settings is Organization Admin only, and your workspace must have API access enabled. See Developer Settings → Access for details.

Create a key

Open Settings → Developer → Configuration

In the Signus app , go to Settings → Developer. The default Configuration tab is what you want.

Click “Create API key”

A dialog opens with a single field: Name. Give the key a descriptive label — for example Production, Staging, or CI/CD. The name is only for your reference and has no effect on what the key can do.

Copy the secret immediately

After you click Create, the dialog flips to show the secret. You have three controls:

  • Eye icon — toggle visibility (secret is masked as dots by default)
  • Copy icon — copies the secret to your clipboard
  • Done — closes the dialog

The secret is shown once. Once you close the dialog, it’s gone — there is no way to retrieve it. Paste it into a password manager, secret store, or CI secret before dismissing the dialog.

Use the key

Send it in the Authorization header of every request:

Authorization: Bearer sk_...

Combined with your Account ID:

curl https://api.signus.ai/v1/accounts/$SIGNUS_ACCOUNT_ID/templates \
  -H "Authorization: Bearer $SIGNUS_API_KEY"

Test a key

Next to Create API key is a Test API key button. Click it to open a testing dialog that:

  1. Takes any API key secret you paste in.
  2. Fires a real GET /v1/accounts/{ACCOUNT_ID}/templates?pageIndex=0&pageSize=5 against the production API.
  3. Displays the result inline — HTTP status, response time in milliseconds, and the first 800 characters of the JSON body (with a “Copy full JSON” button for the rest).
  4. Shows the exact cURL command that was run, with a copy button — useful for reproducing the call from your terminal.

Use this any time you want to verify that a key is alive and authorized without leaving the app.

List and delete

Existing keys appear below the buttons. Each row shows:

  • Name (bold)
  • Created — human-readable creation date
  • Trash icon — opens a confirmation dialog to delete the key

Deletion is immediate. Applications still using the key get 401 Unauthorized on the next call.

There’s no “rotate” action today. To rotate, create a new key, switch your app over to it, then delete the old one.

Best practices

  • Copy once, store safely. The secret is non-recoverable — lose it and you need a new key.
  • Use separate keys per environment (your staging vs. your production).
  • Use separate keys per service when practical — makes targeted revocation cheap.
  • Never commit keys to git. Use your CI system’s secret storage (GitHub Actions secrets, Bitbucket variables, AWS Secrets Manager, Vault, 1Password, etc.).
  • Revoke on personnel changes. When someone with access leaves, rotate.