# API Access Keys

API Access Keys allow tenant admins to generate credentials for external systems to authenticate against the TilliT API without requiring a user account. Keys are managed from Account Settings.

## Overview

Each API access key has a name, one or more scopes, an expiration date, and an enabled/disabled status. The **client secret** is shown once immediately after creation — it cannot be retrieved again, so it must be copied and stored securely at that time.

Navigate to ***Account Settings > API Access Keys*** by clicking the account icon in the top-right corner.

<figure><img src="/files/s2VKi5RMRIGLdv42JlWQ" alt=""><figcaption></figcaption></figure>

## Create a Key

1. Click ***New API key***.
2. Fill in the required fields (see [Fields](#fields) below).
3. Click ***Create***.

<figure><img src="/files/jchStkhDWp16wKNh2451" alt=""><figcaption></figcaption></figure>

4. Copy the **Key ID** and **Secret** from the confirmation card, then click ***Done***.

<figure><img src="/files/Ra8A0hX0STPQP8gbAqeL" alt=""><figcaption></figcaption></figure>

{% hint style="warning" %}
The client secret is only shown once. Store it securely before clicking ***Done*** — it cannot be retrieved after this step.
{% endhint %}

The new key appears in the list with its name, Key ID, expiration date, and enabled status.

### Fields

| Field            | Description                                                      |
| ---------------- | ---------------------------------------------------------------- |
| **Name**\*       | A descriptive label for the key.                                 |
| **Scope**\*      | The permissions granted to the key (e.g. Data Read, Data Write). |
| **Expiration**\* | The date after which the key will no longer be valid.            |

\* Required field

## Enable or Disable a Key

Toggle the switch on any key in the list to enable or disable it. The change takes effect immediately.

## Delete a Key

Click the ***✕*** button on a key and confirm the dialog. The key is permanently removed and can no longer be used to authenticate.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.tillit.cloud/tillit/knowledge-base/setting-up-tillit/integrations/api-access-keys.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.