API Keys

API keys allow programmatic access to MyEmailVault without requiring interactive login. Keys are scoped to the permissions of the user who created them.

Navigating to API Keys

Go to Settings > API Keys in the sidebar.

Generating a Key

Click Create API Key.
Enter a name to identify the key's purpose (e.g., "Ingestion Script" or "Monitoring").
Set an expiry between 1 and 730 days.
Click Create.

The raw API key is displayed immediately after creation. Copy it and store it securely. The key is only shown once and cannot be retrieved later.

Permissions

An API key inherits the full permissions of the user who created it. If the creating user has a Super Admin role, the key has Super Admin access. If the creating user has an Auditor role, the key is limited to Auditor permissions.

Using an API Key

Include the key in the X-API-KEY header of your HTTP requests:

X-API-KEY: your-api-key-here

All standard permission checks apply. Requests that exceed the key's inherited permissions will be rejected.

Revoking a Key

Select a key from the list and click Revoke. The key is immediately invalidated and can no longer be used for authentication. Revocation is permanent.

API Keys ​

Navigating to API Keys ​

Generating a Key ​

Permissions ​