Skip to main content

API keys

API keys let other tools on your team use RuleForge on your behalf — for example, to validate rules from an internal script or to trigger RuleForge inside an automation.

When to create a key

Create a key when you want an external tool to do something on behalf of your organization without opening the browser. Examples:

  • a script that validates rules before a deploy;
  • an internal tool that imports test cases;
  • an automation that checks a project's status.

For personal use in the browser, you don't need a key — just sign in normally.

How to create a key

  1. Open Settings → API keys.
  2. Click New key.
  3. Choose what the key is allowed to do (access levels are presented on the screen).
  4. Set an expiration if the integration is temporary.
  5. Copy the key value shown on screen.

Important: the full key value is displayed only once, at creation time. Store it in a secrets manager immediately. If you lose it, you'll need to generate a new one.

Rotate and revoke

  • Rotate: generates a new value for the same key without breaking the existing configuration. Use periodically as a best practice.
  • Revoke: ends the key's access immediately. Use when the key was exposed, or when the integration is no longer needed.

All actions are recorded in the organization's audit log.

Best practices

  • Grant only the access the integration really needs.
  • Use expiration whenever you can.
  • Rotate periodically.
  • Revoke unused keys.
  • Don't share the same key between different systems — a leak in one is easier to contain.
  • Never place keys in versioned repositories or chat messages.

FAQ

I created the key but can't see the full value anymore

That's expected. The value appears only at creation. Generate a new key and discard the previous one.

I don't see the option to create API keys

It might be a plan limitation. Check Billing and plans or ask the person responsible for the organization.

We need more than one access level

Create separate keys, each with the minimum scope needed. This also makes it easier to revoke one without affecting the others.