API Keys

API keys let your application talk to SIE Data without going through the dashboard. This guide covers generating, rotating, and revoking them safely.

Generate a key

1. Open Settings → API Keys.
2. Click New key.
3. Name it something meaningful — for example, production-server.
4. Pick a permission level: read-only, standard, or full access.
5. Copy the key. It is only shown once.

curl https://api.siedata.dev/api/v1/health \
  -H "X-API-Key: vpx_live_YOUR_NEW_KEY"

Rotate without downtime

You can have up to 5 active keys per account. To rotate:

1. Generate a new key while the old key is still active.
2. Update your application config or secret manager.
3. Deploy and verify traffic is flowing on the new key.
4. Revoke the old key from the dashboard.

We recommend rotating every 90 days. The dashboard shows a yellow warning when a key crosses 90 days of age.

Revoke a leaked key

If you suspect a key is compromised, click Revoke immediately. The key returns 401 Unauthorized within 60 seconds.

7-day grace period

When you mark a key as Deprecated (instead of Revoked), it keeps working for 7 days but starts returning a Sunset response header. Your monitoring picks it up, you finish the migration, then revoke. This is the safest path for production rollovers.

# Look for this header during the grace window:
HTTP/2 200
Sunset: Wed, 09 May 2026 12:00:00 GMT
SIE-Key-Status: deprecated

Best practices

• Never commit keys to git — use secret managers.
• Use a separate key per environment (dev, staging, prod).
• Use read-only keys for analytics dashboards.
• Restrict by IP whitelist for server-side keys.

What's next?

• Set up webhooks to receive signal events
• Read the auth reference for HTTP details
• Track API usage against your credit bucket