Scoped API keys are now available.

You can now create multiple API keys per environment, each with a specific set of permissions, so your integrations only get access to exactly what they need.

🆕 What's new

• Multiple scoped keys per environment: Generate as many keys as you need across your test, sandbox, and production environments, each scoped to a specific permission level. Assign them to individual services, teammates, or CI/CD pipelines.
• Fine-grained permission scopes:
  • Full access - complete read/write across all resources
  • Read only - read access across all resources, no writes
  • Customers write - manage customer data
  • Subscriptions write - create and update subscriptions
  • Coupons write - manage discount and coupon logic
  • API keys read & write - manage API keys programmatically
• Rotate or revoke anytime: Each scoped key can be rotated or revoked independently, without touching your other keys.
• UI & API support: Create and manage scoped keys directly from the dashboard or via the API to automate key provisioning as part of your infrastructure workflows.

⭐️ Why it matters

• Principle of least privilege: Instead of sharing a single full-access key everywhere, you can now issue narrowly scoped credentials per environment, limiting blast radius if a key is ever compromised.
• Cleaner integrations: Assign different keys to different services or teammates, each with only the permissions they need.
• Audit clarity: Multiple named keys make it far easier to trace which system made which call, and to revoke access for a specific integration without disrupting others.

🔒 Availability

Scoped keys are available on the Scale plan.

🛠 Get started

Navigate to Integrations > API keys inside your environment and click + Add scoped key to configure your first scoped credential.

To learn more about managing scoped keys via the UI or API, check out our documentation.

🍿 See it in action