API keys are long-lived credentials that do not require rotation. They are ideal for server-side integrations, scripts, and more, as they simplify API interaction and eliminate the need for complex refresh logic.
Never use API keys in client-side code (for example, in a browser), as they can be easily stolen.

Usage

To authenticate an HTTP request using an API key, include the X-Api-Key header.
curl --request GET \
  --url '/records' \
  --header 'X-Api-Key: <YOUR_API_KEY>'
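
A pre-deploy check for the client-side warning above: it scans browser-delivered sources for the X-Api-Key header and reports whether the value is hard-coded, a runtime reference, or a docs placeholder. This is an added example, not Tracy tooling; the file names, the sample key value, and the TRACY_API_KEY variable name are constructed for illustration.

```python
import re

# Header name from the page, followed by its value as it appears in client code:
# {'X-Api-Key': '...'}, setRequestHeader('X-Api-Key', v), headers.set(...).
HEADER_RE = re.compile(
    r"""['"]?x-api-key['"]?\s*[:,]\s*(?P<value>'[^']*'|"[^"]*"|`[^`]*`|[A-Za-z_$][\w$.]*)""",
    re.IGNORECASE,
)
CLIENT_SUFFIXES = (".js", ".jsx", ".ts", ".tsx", ".html", ".vue")


def redact(value):
    """Keep only the first 4 characters so a finding never re-leaks the key."""
    return value[:4] + "***"


def scan_client_sources(files):
    """files maps path -> source text; returns findings for browser-delivered code."""
    findings = []
    for path, text in sorted(files.items()):
        if not path.lower().endswith(CLIENT_SUFFIXES):
            continue  # server-side code is where the header belongs
        for lineno, line in enumerate(text.splitlines(), start=1):
            for match in HEADER_RE.finditer(line):
                raw = match.group("value")
                literal = raw[0] in "'\"`"
                inner = raw[1:-1] if literal else raw
                if not literal or "${" in inner:
                    kind = "reference"    # key still reaches the browser at runtime
                elif inner.startswith("<") and inner.endswith(">"):
                    kind = "placeholder"  # e.g. <YOUR_API_KEY> copied from docs
                else:
                    kind = "hardcoded"    # live secret shipped to every visitor
                value = redact(inner) if kind == "hardcoded" else inner
                findings.append(
                    {"path": path, "line": lineno, "kind": kind, "value": value})
    return findings


# Constructed sample tree; the key value and file names are made up.
SAMPLE_FILES = {
    "web/form.js": "fetch('/records', {\n"
                   "  headers: { 'X-Api-Key': 'tk_constructed_0123456789' }\n});\n",
    "web/legacy.html": "<script>\n"
                       "xhr.setRequestHeader(\"X-Api-Key\", window.CONFIG.apiKey);\n"
                       "</script>\n",
    "server/sync.py": "headers = {'X-Api-Key': os.environ['TRACY_API_KEY']}\n",
}

if __name__ == "__main__":
    for finding in scan_client_sources(SAMPLE_FILES):
        print(finding)
```

A "reference" finding is as serious as a "hardcoded" one: the key is not in the source file, but it is still delivered to the browser at runtime.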

Restrictions

Each API key is governed by two main parameters that define its scope of access within the workspace.
userType (string, required, default: "user")
The administrative authority level of the key. Possible values:
  • user—no administrative privileges (recommended for most scenarios).
  • administrator—management capabilities (including full deletion) for dashboards, datasets, roles, and users (except for those with full administrative access).
  • owner—management capabilities (including full deletion) for dashboards, datasets, roles, users (without restrictions), and the workspace itself.
role (integer, default: "null")
The data access level of the key. Defaults to unrestricted. Like any role, it determines which datasets are accessible (per state and property) and under what conditions.
Since an API key is not linked to a specific user, any “assigned only” permissions for the specified role will not apply.
Never grant a higher level of data access than is strictly necessary. For example, if an API key is provided to website developers only for automatic lead creation via a web form, it should not allow retrieval of any existing data.
You can issue multiple API keys for programmatic interaction with your workspace—each with its own set of restrictions.

Getting a Key

To get an API key, please contact Tracy support.
API keys are available only for workspaces on the “Small” plan and above.