SAMIOS
Help Center

Create and manage API keys

Create, scope, expire, and revoke API keys to connect SAMI OS to Zapier and other tools.

Open in SAMI OS

API keys let outside tools — like Zapier or your own scripts — read and write your SAMI OS data through the API. You create them from the Integrations area, choose what each key can do, and revoke any key the moment you no longer need it.

Create an API key

You'll find API keys in the Zapier / API Keys panel under Integrations. Each key you create is shown in full only once, so have a secure place ready to store it.

  1. Open the API Keys panel

    Go to Settings → Integrations and find the API keys section. Select Create key.

  2. Name the key

    Give it a clear name so you can recognize it later — for example, "Zapier Integration" or "Production". The name is just for you; it doesn't affect what the key can do.

  3. Choose permissions

    Pick what the key is allowed to do: Read only (view records), Read & write (view and change records), or Admin (all records your account can access). Choose the narrowest option that still gets the job done.

  4. Set an expiry

    Under Expires in, choose Never, 30 days, 90 days, 6 months, or 1 year. A shorter window is safer for keys handed to a third party.

  5. Copy the key

    Select Create key, then copy the key right away. It is not shown again — if you lose it, you'll need to create a new one.

Treat an API key like a password. It acts as you — it can only reach records your user account can access, with the permissions you selected — so anyone holding it has that same reach. Keep keys in a secure secret store, never in shared docs or client-side code.

How permissions and access work

A key never grants more than the person who made it already has. If you can't see a contact in Contacts or a deal in Pipeline, neither can a key you create. The permission you chose then narrows that further: a Read only key can pull data but can't change it, while Read & write and Admin keys can update records on your behalf.

Because keys inherit your access, the cleanest setup is one key per integration, each scoped to the minimum it needs. That way you can revoke a single key without disrupting your other connections.

Revoke a key

Revoking a key turns it off immediately — any tool still using it will start getting rejected, so swap in a replacement first if the integration needs to keep running.

  1. Find the active key

    In the API keys panel, locate the key in the Active keys list. Each row shows its name, permission badge, and expiry.

  2. Revoke it

    Select Revoke on that key. It moves to the Revoked keys list and can no longer be used.

For the full list of endpoints and request formats, open the API docs link at the top of the API keys panel. Pair it with a webhook or app connection set up in Integrations to automate your workflow end to end.

Related articles

Last updated 2026-06-21

Was this helpful?