Skip to main content

Documentation Index

Fetch the complete documentation index at: https://support.affinity.co/llms.txt

Use this file to discover all available pages before exploring further.

How-to — task-oriented recipe.
Last Updated: November 21, 2025 Object Tags: API Keys, Manage Apps, Integrations, Admin, Security

Overview

Create, edit, and manage API keys for your integrations directly in the Manage Apps interface. This guide covers the complete lifecycle of API key management from creation through documentation and eventual revocation.

Prerequisites

Permissions Required:
  • “Generate API Key” permission (for creating your own keys)
  • OR “Manage All API Keys” permission (for managing all keys in instance)
  • OR Enterprise Admin role Before You Start:
  • Understand what integration you’re building (purpose, data needs)
  • Have integration documentation ready
  • Know where you’ll securely store the API secret
  • Verify your org has available API capacity

Steps

Part 1: Create a New API Key

Step 1: Navigate to Manage Apps

  1. Click Settings in the left navigation
  2. Click Manage Apps
  3. The Manage Apps page opens showing API usage and existing keys

Step 2: Create New API Key

Click the “Create New API Key” button Important: If you already have an active API key, you’ll see a warning that creating a new key will revoke your existing key. Until M4 releases, you can only have 1 active key per user.

Step 3: Add Name and Description

Name (Required):
  • Be specific and descriptive
  • Indicates the purpose or integration
  • Examples:
  • “Salesforce Data Sync”
    • “Data Warehouse ETL”
    • “Looker Reporting Integration”
    • “Custom Dashboard API” Description (Optional but Recommended):
  • Add context about the integration
  • Include: Purpose, owner/team, systems involved
  • Examples:
  • “Syncs Affinity companies to Salesforce accounts nightly. Owned by RevOps team. Contact: jane@company.com
    • “Pulls opportunity data into Snowflake for executive reporting. Managed by Data team.” Why this matters:
  • Future admins can understand what each integration does
  • Helps during security audits
  • Makes it clear which keys can be safely revoked
  • Enables knowledge transfer when people leave

Step 4: Create and Copy Secret

  1. Click “Add App”
  2. The API key secret appears
Critical: Copy the secret immediately - it will only be shown once 4. Store the secret securely:
  • Password manager (1Password, LastPass)
    • Secrets management system (AWS Secrets Manager, HashiCorp Vault)
    • Secure team documentation
  1. Click “Done” after copying Warning: If you lose the secret, you cannot retrieve it. You must create a new API key.

Step 5: Verify Key Creation

  1. New key appears in Manage Apps table
  2. Verify details are correct:
  • Name matches your integration
    • Description is clear
    • Owner shows your name
    • Status is “Active”
  1. If you had an existing key, verify it now shows as “Revoked”

Part 2: Edit API Key Details

Step 1: Open Key Details

  1. Navigate to Settings > Manage Apps
  2. Find the key you want to edit in the table
  3. Click on the key row
  4. Key detail panel opens on the right

Step 2: Edit Name or Description

  1. Click the Edit button (pencil icon) or click directly in Name/Description field
  2. Update the information:
  • Clarify the name if purpose changed
    • Add more context to description
    • Update contact information if owner changed teams
  1. Click “Save” Common reasons to edit:
  • Integration purpose changed
  • Need to add owner contact info
  • Documenting previously undocumented keys
  • Clarifying which system uses this key

Step 3: Verify Changes

  1. Updated information appears in detail panel
  2. Changes also reflect in main Manage Apps table
  3. Audit log records the edit (for compliance)

Part 3: Revoke an API Key

Step 1: Identify Key to Revoke

When to revoke:
  • Integration is no longer needed
  • Security incident or suspected compromise
  • User has left the company
  • Switching to a different integration approach
  • Key hasn’t been used in 90+ days

Step 2: Revoke the Key

From detail panel:
  1. Click on key in Manage Apps table
  2. Detail panel opens
  3. Click “Revoke” button
  4. Confirmation dialog appears
  5. Confirm revocation From table (if available):
  6. Click revoke icon in key’s row
  7. Confirm revocation Warning: Revocation is immediate. Any integration using this key will stop working instantly.

Step 3: Verify Revocation

  1. Key status changes to “Revoked” in table
  2. “Last Used” date freezes at time of revocation
  3. Key remains visible in table for audit trail
  4. Integration using this key will receive authentication errors

Part 4: Manage Keys for Deactivated Users

When a User is Deactivated:

  1. Their API keys are automatically revoked
  2. Keys appear as “Revoked” in Manage Apps
  3. Owner still shows deactivated user’s name
  4. Integration using their key stops working

To Restore Integration:

Option A: Create new key under active user
  1. Have active user create new API key
  2. Update integration with new secret
  3. Document in new key’s description that it replaced deactivated user’s integration Option B: Reactivate user (if appropriate)
  4. Reactivate user in user management
  5. User creates new API key
  6. Update integration credentials

Expected Outcome

  • API key successfully created with clear documentation
  • Secret safely stored in secure location
  • Integration authenticated and working
  • Key visible in Manage Apps for auditing
  • Future admins can understand what each key is for
  • Easy revocation when key is no longer needed

Tips & Best Practices

Naming Conventions:
  • System-based: “[System Name] Integration” (e.g., “Salesforce Integration”)
  • Purpose-based: “[Purpose] API” (e.g., “Data Warehouse ETL”)
  • Team-based: “[Team] [Purpose]” (e.g., “RevOps Reporting”)
  • Be consistent across your org Description Best Practices:
  • Include: Purpose, owner, contact, systems involved, frequency
  • Template: “[Purpose]. Owner: [Team/Person]. Systems: [List]. Frequency: [Daily/Real-time/etc]. Contact: [Email]”
  • Example: “Syncs companies to Snowflake for executive dashboards. Owner: Data Team (data@company.com). Runs nightly via Airflow.” Secret Management:
  • Store in password manager or secrets management system
  • Never store in code repositories, Slack, or email
  • Rotate secrets if potentially compromised
  • Document where secrets are stored in key description Key Hygiene:
  • Review keys quarterly for usage
  • Revoke unused keys (90+ days no activity)
  • Document all integrations in team wiki
  • Maintain inventory mapping keys to systems
  • Update descriptions when integrations change Planning for M4 (Multiple Keys):
  • When M4 releases, consider creating separate keys per integration
  • Makes revocation safer (can disable one integration without affecting others)
  • Improves debugging (can track usage per integration)
  • Better security isolation Team Coordination:
  • Communicate before revoking others’ keys
  • Document key ownership clearly
  • Have process for key creation requests
  • Train team on Manage Apps access and expectations

Common Use Cases

Setting Up Data Warehouse Integration: “I need to set up an integration that pulls Affinity data into our Snowflake warehouse nightly.” → Create API key named “Snowflake ETL”, add description with ETL schedule and owner, copy secret to Airflow secrets manager. Replacing Key for Departed Employee: “An analyst who built our custom dashboard left the company. Their API key was auto-revoked.” → Create new key under active developer’s account, update dashboard credentials, document in description that it replaced former employee’s integration. Auditing Unknown Integration: “I see an API key with no description and don’t know what it’s for.” → Check Last Used date, contact key owner to ask about purpose, add description with their explanation, set reminder to verify usage in 30 days. Revoking Professional Services Key: “Our Professional Services engagement ended 3 months ago and the Affinity Help key is still active.” → Navigate to Manage Apps, find Affinity Professional Services Key, verify Last Used is old, revoke key to close security gap.