SAMIOS
Help Center

Create and manage API keys

Create, scope, and revoke API keys so tools like Zapier can access SAMI OS on your behalf.

Open in SAMI OS

API keys let outside tools — like Zapier or your own scripts — connect to SAMI OS through the public API. You create them yourself, choose what they can do, and revoke them the moment you no longer need them.

Create an API key

You'll find API keys in Settings, under the Zapier / API Keys panel.

  1. Open the API keys panel

    Go to Settings and open the API keys section. You'll see your active keys, a Create key button, and a link to the API docs.

  2. Name the key

    Click Create key and give it a name you'll recognize later, such as "Zapier Integration" or "Production". The name is just for you — it helps you tell keys apart when it's time to revoke one.

  3. Choose permissions

    Pick what the key is allowed to do: Read only (view records), Read & write (view and change records), or Admin (all records your account can access). Start with the least access the integration actually needs.

  4. Set an expiry

    Under Expires in, choose Never, 30 days, 90 days, 6 months, or 1 year. A dated expiry limits the damage if a key ever leaks.

  5. Create and copy the key

    Click Create key. SAMI OS shows the full key once, with a copy button. Copy it now and paste it into your integration — it will not be shown again.

The full key is displayed only at creation. If you lose it, you can't recover it — revoke the key and create a new one.

How a key's access works

A key always acts as the user who created it. It can only reach records that user can already see in SAMI OS — including their Contacts, Pipeline, and Messages. The permission you choose narrows that further: a Read only key can never change anything, no matter what the API request asks for.

Because a key inherits your access, treat it like a password. Store it in your integration's secure secret store, not in a shared doc or email.

Review and revoke keys

Each active key in the list shows its name, key prefix (the first few characters, ending in ), the permission badge, when it was last used, and its expiry date if it has one. Use those details to confirm a key is still in use before you remove it.

To revoke a key, click Revoke next to it. The key stops working immediately, and any integration using it will start failing — so swap in a replacement first if the integration still needs access. Revoked keys move into a collapsible Revoked keys list so you keep a record of what was retired.

Open the API docs link at the top of the panel for the full list of endpoints, request formats, and how to authenticate with your key.

Related articles

Last updated 2026-06-21

Was this helpful?