API Keys — Programmatic Access

API keys allow you to interact with Wevion programmatically, enabling integrations with external tools, scripts, and custom dashboards.

Prerequisites

• An active Wevion account with Owner role
• An active subscription

How It Works

API key management is available as a self-service feature for Owners and Admins.

API keys provide authenticated access to Wevion's REST API without requiring an interactive login flow. Each key is tied to a specific user and inherits that user's role and permissions.

Key Characteristics

• Scoped access: API keys inherit the permissions of the user who created them
• No expiration by default: Keys remain active until manually revoked
• Rate limited: API calls through keys are subject to the same rate limits as the web interface
• Audit logged: All API activity is tracked and associated with the key owner

Step-by-Step Guide

Generating an API Key

1. Navigate to Settings in the left sidebar
2. Look for the API Keys section
3. Click Generate New Key
4. Give the key a descriptive name (e.g., "Reporting Integration" or "Custom Dashboard")
5. Copy the key immediately — it will only be shown once
6. Store the key securely (e.g., in a password manager or environment variable)

Using an API Key

Include the API key in your HTTP requests using the Authorization header:

Authorization: Bearer YOUR_API_KEY

Example endpoints you might access:

• GET /api/v1/auth/me — Get your user profile
• GET /api/v1/billing/plans — List available plans
• GET /api/v1/billing/usage — Get resource usage
• GET /api/v1/notifications — List notifications

Revoking an API Key

1. Navigate to Settings > API Keys
2. Find the key you want to revoke
3. Click Revoke or the delete button
4. Confirm the action
5. The key is immediately invalidated — any integrations using it will stop working

Options and Configuration

Option	Description
Key name	Descriptive label for identification
Permissions	Inherited from the creating user's role
Rate limits	Same as the web interface
Expiration	Manual revocation only

Best Practices

• One key per integration: Create separate keys for each integration or script so you can revoke them independently
• Never share keys: Treat API keys like passwords — never commit them to version control or share them in plain text
• Use environment variables: Store keys in environment variables rather than hardcoding them
• Rotate periodically: Even though keys don't expire, rotating them periodically reduces risk
• Revoke unused keys: If an integration is no longer active, revoke its key immediately

FAQ

Who can create API keys? API key creation is restricted to Owner, Admin, and Super Admin roles.

Is there a limit on the number of API keys? Each team can have a maximum of 10 active API keys.

Can I regenerate a key without revoking it? No. To get a new key, you need to revoke the existing one and generate a new one. Update your integrations with the new key.

Do API keys bypass plan limits? No. API keys are subject to the same plan limits (ad accounts, spend caps, etc.) as the web interface.

What happens if my API key is compromised? Revoke the key immediately from the API Keys settings. Generate a new one and update your integrations. Review your account activity for any unauthorized actions.

Related Articles

• Roles and Permissions — Who Can Do What
• Security Best Practices
• Contacting Support