Getting Started
Creating API Keys

Creating API Keys

API keys allow you to authenticate programmatic requests to the OliAI Public API. Each key is scoped to your organization and grants access to contacts, audiences, and campaign management.

API key management requires Admin or Super Admin role.

Step-by-Step: Create an API Key

Open Settings

Log in to console.oliai.in (opens in a new tab). In the left sidebar, click Settings, then select API Keys.

Click "Create API Key"

Click the + Create API Key button in the top-right corner of the API Keys page.

Fill in Key Details

FieldDescription
NameA label for this key (e.g., production-integration, data-pipeline)
Expiry Date(Optional) Set an expiration date. Leave blank for a non-expiring key.

Click Create.

Copy Your Key

⚠️

The full API key is only shown once. Copy it immediately and store it securely (e.g., in a secrets manager or .env file). OliAI stores only a hashed version and cannot show the key again.

Your key will look like:

sk_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6

Use the Key in API Requests

Pass the key in the x-api-key header of every API request:

curl https://api.oliai.in/v1/contacts \
  -H "x-api-key: sk_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6"

Managing Existing Keys

View Keys

The API Keys page lists all active keys for your organization. Each entry shows:

  • Key name
  • Creation date
  • Last used date
  • Expiry date (if set)
  • Status (Active / Revoked)

Revoke a Key

To disable a key without deleting it, click the Revoke button next to the key. Revoked keys are rejected immediately on use.

Delete a Key

To permanently remove a key, click the Delete (trash) icon. This cannot be undone.

Security Best Practices

  • One key per integration — Create separate keys for each environment (dev, staging, production) and each consuming service.
  • Rotate keys regularly — Create a new key, update your integration, then revoke the old key.
  • Set expiry dates — For temporary integrations or contractors, use a short expiry.
  • Never commit keys to source code — Use environment variables or a secrets manager.
  • Monitor last-used dates — Keys that haven't been used in 30+ days should be reviewed and revoked if no longer needed.

Key Format

All API keys follow the format sk_live_<32-character-token>. Keys are:

  • Cryptographically random (not guessable)
  • Hashed with SHA-256 before storage (OliAI cannot recover the plaintext)
  • Validated on every request for expiration and revocation status
OverviewYour First API Call