API keys
API keys authenticate every request to the Socialit API and determine which workspace you act on.
Lifecycle
Section titled “Lifecycle”- Create — An admin creates a named key. The full secret (
sk_live_...) is returned once. - Use — Send the secret as
Authorization: Bearer sk_live_...on each request. The key implies the workspace. - Revoke — Revoking a key immediately rejects all requests using it with
401.
Security
Section titled “Security”- Store keys as secrets; never commit them or ship them to browsers/mobile clients.
- Socialit stores only a hash of the secret — it cannot show you the full key again after creation.
- Use a separate key per integration so you can revoke one without affecting others.
Display fields
Section titled “Display fields”In the app, each key shows a non-secret token_prefix (e.g. sk_live_ab12), its name, last-used time, and whether it has been revoked.