
API keys

API keys authenticate every request to the Socialit API and determine which workspace you act on.

  1. Create — An admin creates a named key. The full secret (sk_live_...) is returned once.
  2. Use — Send the secret as Authorization: Bearer sk_live_... on each request. The key implies the workspace.
  3. Revoke — Once a key is revoked, all requests using it are immediately rejected with 401.
  • Store keys as secrets; never commit them or ship them to browsers/mobile clients.
  • Socialit stores only a hash of the secret — it cannot show you the full key again after creation.
  • Use a separate key per integration so you can revoke one without affecting others.

In the app, each key shows a non-secret token_prefix (e.g. sk_live_ab12), its name, last-used time, and whether it has been revoked.
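To back up the "never commit them" rule, the following added example (not Socialit code) scans text for hard-coded keys and reports only the non-secret prefix, so a finding can be matched to the token_prefix shown in the app and that key revoked. The key body pattern and the 12-character prefix length are assumptions inferred from the `sk_live_ab12` example; the sample file and key are constructed.

```python
import re

# Assumption: the secret is "sk_live_" followed by URL-safe characters; the page
# shows only the "sk_live_" prefix, so the body pattern is a guess.
KEY_RE = re.compile(r"sk_live_[A-Za-z0-9_-]{16,}")
# Assumption: token_prefix is the first 12 characters, as in "sk_live_ab12".
PREFIX_LEN = 12


def token_prefix(secret):
    """Return the non-secret part that the app displays for a key."""
    return secret[:PREFIX_LEN]


def scan_text(text, source="<input>"):
    """Find candidate keys; report location and prefix, never the secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            findings.append({
                "source": source,
                "line": lineno,
                "token_prefix": token_prefix(match.group(0)),
            })
    return findings


def redact(text):
    """Replace each candidate key with its prefix plus a marker."""
    return KEY_RE.sub(lambda m: token_prefix(m.group(0)) + "...[REDACTED]", text)


# Constructed sample input: a config file with a hard-coded, made-up key.
SAMPLE = """\
# settings.py
API_BASE = "https://api.example.invalid"
SOCIALIT_KEY = "sk_live_ab12CONSTRUCTEDexampleONLY0000"
HEADERS = {"Authorization": "Bearer " + SOCIALIT_KEY}
NOTE = "prefix sk_live_ab12 is safe to log"
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE, "settings.py"):
        print(f"{f['source']}:{f['line']}: key {f['token_prefix']}... found; revoke and rotate it")
    print(redact(SAMPLE))
```

A key that turns up in a scan like this should be treated as exposed: revoke it and issue a replacement rather than only deleting the line.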