Your digital Swiss Army knife. API keys that are more organized than a Type-A hiker's backpack.
In a world of OAuth flows and JWT tokens, API keys remain the backbone of service-to-service authentication
IoT devices, background jobs, and webhooks don't have time for complex auth flows. They need simple, secure, reliable access.
No OAuth handshakes. No token exchanges. Just instant validation at the edge for lightning-fast API access.
Simple on the surface, enterprise-grade security underneath. Scoped permissions, IP restrictions, and real-time monitoring.
Enterprise-grade API key management with developer-friendly implementation
Granular permissions that actually make sense. Read-only? Write to specific resources? Custom scopes? You got it.
Real-time usage tracking and detailed analytics. Know exactly what your API keys are up to.
Security that sleeps so you can. IP whitelisting, rate limiting, and instant revocation.
App-scoped keys with hierarchical permissions and cross-tenant isolation.
Tiered limits, burst allowances, and quota management that handles traffic spikes gracefully.
Your compliance team will love this. Every key, every request, every response tracked.
Generate keys in seconds, use them everywhere
const apiKey = await app.createApiKey({
  name: 'Production Webhook Handler',
  scopes: ['webhooks:write', 'events:read'],
  expiresIn: '90d',
  ipWhitelist: ['192.168.1.0/24'],
  rateLimit: {
    requests: 1000,
    window: '1h'
  }
});
console.log(apiKey.key); // ak_live_1234567890abcdef
console.log(apiKey.id); // key_abc123
// That's it. You're done. Go grab a coffee.

# Header-based auth (recommended)
curl -H "X-API-Key: ak_live_1234567890abcdef" \
  https://api.yourapp.com/webhooks

# Bearer token format
curl -H "Authorization: Bearer ak_live_1234567890abcdef" \
  https://api.yourapp.com/data

# Query parameter (for legacy systems); the key becomes part of the URL, which servers and proxies record in access logs
curl "https://api.yourapp.com/events?api_key=ak_live_1234567890abcdef"
# We're flexible like yoga instructors who also code

// List all keys
const keys = await app.listApiKeys();
// Get key usage stats
const usage = await app.getKeyUsage(keyId, {
  period: '7d'
});
// Rotate a key
const newKey = await app.rotateApiKey(keyId);
// Revoke compromised key instantly
await app.revokeApiKey(keyId);
// Update key permissions
await app.updateApiKey(keyId, {
  scopes: ['read:events', 'write:webhooks']
});

// Get comprehensive analytics
const analytics = await app.getApiKeyAnalytics({
  period: '30d',
  groupBy: 'day'
});
console.log(analytics);
// {
//   totalRequests: 1234567,
//   successRate: 99.8,
//   averageLatency: 45,
//   topKeys: [
//     { id: 'key_abc', requests: 50000, name: 'Production' },
//     { id: 'key_def', requests: 30000, name: 'Staging' }
//   ],
//   anomalies: [
//     { keyId: 'key_xyz', type: 'unusual_traffic', severity: 'high' }
//   ]
// }

Use cases that make you go "Aha!"
Deploy with confidence using keys that only work from your CI servers.
Receive webhooks securely with intelligent validation and monitoring.
Give partners secure access with precisely controlled permissions.
Real companies that turned API key management into a competitive advantage
Workflow Automation Platform
"We issue 10k+ API keys monthly to our customers. Before 23blocks, key management was our biggest support headache. Now? Automatic rotation, usage analytics, and IP restrictions just work. Support tickets dropped 89%."
Blockchain Analytics Startup
"Our API serves real-time crypto data to hedge funds. One compromised key could be catastrophic. 23blocks' instant revocation and anomaly detection saved us from a potential disaster."
Stop treating API keys like an afterthought. Start treating them like the critical security infrastructure they are.
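Keys sent in the query string, as in the legacy option shown earlier on this page, are written into web server and proxy access logs together with the URL. The following is an added example, not 23blocks code: it masks such keys in log lines and reports which keys were exposed and by which clients, so those keys can be rotated. The key format (`ak_live_` plus hex characters) is assumed from the page's sample key, and the log lines are constructed.

```javascript
// Added example. Assumed key format: "ak_live_" followed by 16+ hex
// characters, inferred from the sample key shown on this page.
const KEY_RE = /ak_live_[0-9a-f]{16,}/g;

// Constructed access-log lines (documentation IP ranges, not real traffic).
const SAMPLE_LOG = [
  '203.0.113.7 - - [12/Mar/2025:10:01:22 +0000] "GET /events?api_key=ak_live_1234567890abcdef&limit=10 HTTP/1.1" 200 512',
  '203.0.113.7 - - [12/Mar/2025:10:01:25 +0000] "GET /data HTTP/1.1" 200 2048',
  '198.51.100.4 - - [12/Mar/2025:10:02:03 +0000] "POST /webhooks?api_key=ak_live_fedcba0987654321 HTTP/1.1" 201 64',
  '198.51.100.4 - - [12/Mar/2025:10:02:09 +0000] "GET /events?api_key=ak_live_1234567890abcdef HTTP/1.1" 200 512',
];

// Keep the prefix and last four characters so an exposed key can be matched
// to its record for rotation, without the log holding a usable secret.
function mask(key) {
  return 'ak_live_' + '*'.repeat(key.length - 12) + key.slice(-4);
}

// Mask every key in the log and report, per masked key, how often it was
// exposed and which client addresses sent it.
function scrubLog(lines) {
  const exposures = {};
  const clean = lines.map((line) => {
    const client = line.split(' ')[0]; // first field of the log line
    return line.replace(KEY_RE, (key) => {
      const id = mask(key);
      const entry = exposures[id] || (exposures[id] = { count: 0, clients: [] });
      entry.count += 1;
      if (!entry.clients.includes(client)) entry.clients.push(client);
      return id;
    });
  });
  return { clean, exposures };
}

const report = scrubLog(SAMPLE_LOG);
console.log(report.clean.join('\n'));
console.log(JSON.stringify(report.exposures, null, 2));
```

Every key listed in `exposures` has been stored in plaintext wherever the original log was kept, so masking the log does not replace rotating the key.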