Overview
Admins can manage API keys, OAuth apps, webhooks, and webhook delivery failures from the API settings page. Some API features may depend on your workspace plan.API keys, OAuth apps, and webhooks are available on the Startup plan, Business plan, and Enterprise plan.The API settings page has separate sections for API Keys, OAuth Apps, Webhooks, and Webhook delivery failures. OAuth apps and webhook detail pages have their own nested routes. Go to Settings > API.
| API area | Route pattern | Use it for |
|---|---|---|
| API overview | /settings/api | Keys, apps, webhooks, failures. |
| OAuth app detail | /settings/api/oauth/{appId} | Review one OAuth app. |
| Webhook detail | /settings/api/webhooks/{webhookId} | Review one webhook. |
| Delivery detail | /settings/api/deliveries/{deliveryId} | Inspect one failed delivery. |
API keys
API keys allow external systems to access Sayless.Create API key
Create an API key when an internal tool or integration needs access. Only create keys for systems you trust. Treat API keys like passwords.Copy API key
Copy the key when it is created and store it securely. If the app only shows the secret once, store it before closing the success modal.Revoke API key
Revoke keys that are no longer needed or may be exposed. Rotating a key usually means creating a replacement, updating the external system, then revoking the old key.API keys and OAuth secrets should be treated like passwords. Do not paste them into tickets, comments, notes, or broadcasts.