# API Keys Organization API keys let you access the Bullseye API programmatically from your own servers, scripts, or CI/CD pipelines — without requiring a browser session. ## Accessing API Keys Navigate to **Organization Settings > API Keys** in the sidebar. This section is visible to organization owners. ## Creating an API Key 1. Click **Create API Key** 2. Enter a descriptive name (e.g., "Production Server", "Staging Integration") 3. Select the scopes your integration requires: * **Read** — View visitors, companies, lists, and analytics * **Write** — Create and update lists, ICP configs, and settings * **Admin** — Full access including API key management * **Agency Read** / **Agency Write** — Available for agency accounts to manage sub-organizations 4. Click **Create Key** 5. Copy the key immediately from the confirmation dialog The full key is displayed only once. If you lose it, revoke the old key and create a new one. ## Using an API Key Include the key in the `X-API-Key` header of your HTTP requests: ```bash curl -X GET "https://api.app.bullseye.so/api/v1/organization/{org_id}/api-keys" \ -H "X-API-Key: bsk_live_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4" \ -H "Content-Type: application/json" ``` ## Viewing Keys The API Keys page displays all keys for your organization with: * **Name** — The label you assigned when creating the key * **Key prefix** — The first characters of the key for identification (the rest is masked) * **Scopes** — Permissions granted to the key * **Status** — Active or revoked * **Last used** — When the key was last used to make an API request * **Created** — When the key was created ## Revoking a Key Click **Revoke** next to any active key and confirm. Revocation is immediate and permanent — any application using the key will lose access. Create a new key before revoking if you need uninterrupted access. ## Rate Limits API key requests are limited to 1,000 requests per minute per key. Rate limit information is included in response headers. See the [Authentication](/api-reference/authentication.md) reference for details. ## Security Best Practices * Name keys descriptively so you know where each one is used * Grant only the scopes your integration needs * Set an expiration date for keys used in temporary or staging environments * Rotate keys periodically by creating a new key, updating your integration, then revoking the old one * Never commit keys to version control or expose them in client-side code --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.bullseye.so/platform/api-keys.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.