Skip to main content

Documentation Index

Fetch the complete documentation index at: https://support.affinity.co/llms.txt

Use this file to discover all available pages before exploring further.

How-to — task-oriented recipe.
Last Updated: November 21, 2025 Object Tags: Integrations, API Keys, Security, Third-Party, Data Integration, Setup

Overview

Safely connect third-party tools and platforms to your Affinity CRM using proper API key management practices. This workflow ensures integrations are documented, secured, and maintainable while minimizing security risks and enabling future auditability. What you’ll accomplish: Set up external integrations (data warehouses, reporting tools, marketing platforms) with properly created and documented API keys, secure credential handling, and clear ownership. Who it’s for: IT teams, data engineers, operations managers, admins setting up integrations with Salesforce, Snowflake, Looker, or custom tools. When to use this: Setting up new data warehouse connections, third-party reporting tools, marketing automation integrations, or custom applications accessing Affinity data.

Prerequisites

  • “Generate API Key” permission (to create keys)
  • OR request admin to create key on your behalf
  • Understanding of integration requirements (read-only vs read-write, data scope)
  • Secure credential storage system available
  • Integration platform/tool ready to configure

Workflow Steps

Step 1: Plan the Integration

Define requirements:
  1. What data is needed?
  • Companies, People, Opportunities, Lists?
    • Specific fields or all fields?
    • Historical data or incremental updates?
  1. What access level?
  • Read-only (most third-party tools)
    • Read-write (bi-directional syncs like Salesforce)
  1. What’s the frequency?
  • Real-time via webhooks
    • Scheduled (hourly, daily, weekly)
    • On-demand/manual
  1. Who owns this integration?
  • Which team/person is responsible?
    • Who to contact if it breaks?
    • Where is it documented? Get approval if required:
  • Check with IT security/compliance team
  • Verify integration aligns with data policies
  • Document approval in integration request

Step 2: Create Properly Documented API Key

Navigate to Manage Apps:
  1. Settings > Manage Apps
  2. Click “Create New API Key” Name the key descriptively:
Use clear naming pattern:
  • System-based: “[Tool Name] Integration”
  • Examples: “Snowflake Data Sync”, “Looker Reporting”, “Salesforce Bi-Sync”
  • Purpose-based: “[Purpose] API Key”
  • Examples: “Executive Dashboard API”, “Marketing Automation Key” Add comprehensive description:
Template: 
Purpose: [What this integration does]
Owner: [Team or person responsible]
Contact: [Email for questions]
Systems: [Which external system(s) connect]
Frequency: [How often it runs]
Access: [Read-only or Read-write]
Approved by: [Who approved this integration]
Created: [Date]
Example: 
Purpose: Syncs Affinity opportunities to Snowflake for executive reporting
Owner: Data Engineering team
Contact: data-team@company.com
Systems: Snowflake data warehouse, dbt transformations, Looker dashboards
Frequency: Nightly at 2 AM UTC via Airflow
Access: Read-only
Approved by: CTO (10/15/2025)
Created: 11/21/2025
Click Create:
  1. API key secret appears (shown only once)
  2. Immediately copy the secret
  3. Do not close modal until secret is safely stored

Step 3: Store Secret Securely

Choose secure storage: For production integrations:
  1. Secrets management system (preferred):
  • AWS Secrets Manager
    • HashiCorp Vault
    • Azure Key Vault
    • Google Cloud Secret Manager
CI/CD environment variables:
  • GitHub Secrets
    • GitLab CI Variables
    • CircleCI Environment Variables For user/team access:
Password manager:
  • 1Password (team vault)
    • LastPass (shared folders)
    • Bitwarden (organization vault) Never store in:
  • ❌ Code repositories (even private)
  • ❌ Slack messages or email
  • ❌ Unencrypted documents
  • ❌ Browser bookmarks or notes
  • ❌ Shared spreadsheets Document storage location:
  • Add to key description: “Secret stored in 1Password Engineering vault”
  • Include in team wiki integration documentation
  • Ensure backup access if primary owner unavailable

Step 4: Configure the Integration

In your third-party tool: Common setup patterns: For data warehouses (Snowflake, BigQuery, Redshift):
  1. Configure data pipeline tool (Fivetran, Airbyte, custom ETL)
  2. Add Affinity API key to connector configuration
  3. Set up API endpoint URLs (v1 or v2)
  4. Configure sync frequency and tables
  5. Test connection and initial data pull For reporting tools (Looker, Tableau, Power BI):
  6. Set up data source connection
  7. Add API authentication with your key
  8. Configure data refresh schedule
  9. Test queries and verify data loads For CRM sync (Salesforce, HubSpot):
  10. Install integration connector or middleware
  11. Add Affinity API credentials
  12. Map fields between systems
  13. Configure sync direction (one-way or bi-directional)
  14. Set sync frequency
  15. Run initial test sync For custom applications:
  16. Add API key to application configuration
  17. Implement proper error handling for API failures
  18. Add logging for API requests
  19. Test all API endpoints needed
  20. Implement rate limiting handling

Step 5: Test the Integration

Validation checklist:
Connectivity test:
  • Can system authenticate with API?
    • Are requests succeeding?
    • Check for authentication errors
Data validation:
  • Is correct data flowing?
    • Are all required fields present?
    • Check data accuracy against Affinity
Performance:
  • Is sync completing in expected timeframe?
    • Check API usage in Manage Apps
    • Verify not approaching rate limits
Error handling:
  • What happens if API key is revoked?
    • Are errors logged appropriately?
    • Is there alerting for failures?
Documentation:
  • Is integration documented in wiki?
    • Can someone else maintain this?
    • Are credentials location noted?

Step 6: Monitor and Maintain

Ongoing maintenance: Weekly:
  • Check integration is running successfully
  • Verify data sync is current
  • Review any error logs Monthly:
  • Verify API usage is stable
  • Check key “Last Used” in Manage Apps
  • Ensure integration still meets business needs Quarterly:
  • Review key description - is it still accurate?
  • Verify owner is still correct contact
  • Check if integration documentation needs updates
  • Participate in org-wide API key audit When issues arise:
  1. Check Manage Apps for key status (Active vs Revoked)
  2. Verify API usage hasn’t hit limits
  3. Check integration error logs
  4. Contact Affinity support if API issues suspected

Step 7: Plan for Key Rotation (When Needed)

When to rotate:
  • Annual security policy requirement
  • Team member with key access left company
  • Suspected key exposure
  • Integration ownership changing
  • Upgrading to M4 with multiple keys per user Current rotation process (M3):
Plan downtime window:
  • Integration will break briefly during rotation
    • Schedule during low-usage period
    • Notify stakeholders
Create new key:
  • Create in Manage Apps (revokes old key automatically)
    • Copy new secret immediately
    • Store in secrets management system
Update integration:
  • Replace old secret with new secret in configuration
    • Deploy configuration change
    • Test connection
Verify:
  • Integration working with new key
    • Old key shows “Revoked” in Manage Apps
    • New key shows recent “Last Used” Future rotation (M4+):
  • Create new key while keeping old key active
  • Update integration to use new key
  • Test thoroughly
  • Revoke old key after confirming new key works
  • Zero-downtime rotation

Expected Outcome

  • Third-party integration successfully connected to Affinity
  • API key properly documented with name, description, and purpose
  • Secret stored securely in approved credential management system
  • Integration running reliably with appropriate monitoring
  • Clear ownership and maintenance responsibility established
  • Easy audit trail for security and compliance teams
  • Knowledge transfer possible if owner changes

Tips & Best Practices

Pre-Integration:
  • Get security approval before creating keys for third-party tools
  • Verify vendor security - is third-party tool trustworthy?
  • Check data residency - where will your Affinity data be stored?
  • Review terms - does integration vendor meet your compliance needs? Secret Handling:
  • Copy secret immediately - shown only once at creation
  • Test secret before closing creation modal
  • Store in approved system per InfoSec policy
  • Never share via insecure channels
  • Rotate annually or per security policy Documentation:
  • Name + Description mandatory - make it a standard
  • Include contact info so others can ask questions
  • Link to integration docs in description if possible
  • Update when changes made to integration Testing:
  • Test in non-production first if possible
  • Verify data accuracy before trusting integration
  • Monitor initially closely (daily for first week)
  • Set up alerts for integration failures Monitoring:
  • Check “Last Used” monthly to verify health
  • Monitor API usage to avoid hitting limits
  • Review error logs in your integration platform
  • Audit permissions if integration behavior changes Common Integration Types:
Data Warehouses: Usually read-only, scheduled sync, high volume Reporting Tools: Read-only, moderate frequency, specific fields CRM Sync: Read-write, real-time or frequent, bi-directional Marketing Automation: Read-only, scheduled, specific segments Custom Dashboards: Read-only, real-time or cached, focused queries

Example Use Case

TechVentures needs to connect Affinity to their Snowflake data warehouse for executive reporting: Requirements:
  • Pull all companies, opportunities, and interactions
  • Nightly sync to data warehouse
  • Read-only access (no writing back to Affinity)
  • Dashboard in Looker built on warehouse data Day 1 - Planning:
  1. Data Engineer Sarah reviews Affinity API documentation
  2. Confirms needed endpoints: Companies, Opportunities, Lists, Field Values
  3. Gets approval from CTO and InfoSec team
  4. Documents plan in team wiki Day 2 - Key Creation:
  5. Sarah navigates to Settings > Manage Apps
  6. Clicks “Create New API Key”
Name: “Snowflake Data Warehouse Sync” 4. Description: “Nightly sync of Affinity CRM data to Snowflake for executive dashboards. Owner: Data Engineering (data@techventures.com). Systems: Snowflake, Airbyte, Looker. Frequency: Daily 2 AM UTC. Access: Read-only. Approved by CTO 11/15/2025. Secret stored in AWS Secrets Manager.” 5. Creates key 6. Immediately copies secret 7. Stores in AWS Secrets Manager under key name “affinity/snowflake-etl” 8. Documents secret location in team wiki Day 3 - Integration Configuration:
  1. Configures Airbyte connector for Affinity
  2. Adds API key from AWS Secrets Manager
  3. Selects API v2 endpoints
  4. Maps Affinity objects to Snowflake tables
  5. Sets sync schedule: Daily 2 AM UTC
  6. Runs initial test sync (manual) Day 4 - Testing:
  7. Verifies 500 companies synced successfully
  8. Spot-checks data accuracy (10 random records match)
  9. Confirms all required fields present
  10. Checks Manage Apps: “Last Used” shows recent timestamp
  11. Checks API usage: 2,450 requests used (well under limit) Day 5 - Monitoring Setup:
  12. Configures Airbyte failure alerts (email + Slack)
  13. Sets up daily Snowflake freshness check
  14. Creates Looker dashboard showing sync status
  15. Adds integration to team’s operational documentation Week 2 - Production:
  16. Enables automated nightly sync
  17. Monitors daily for first week
  18. Everything running smoothly
  19. Executives now have accurate CRM dashboards Month 1 - Review:
  20. Sarah checks Manage Apps:
  • Key shows “Last Used” daily
    • API usage stable at ~2.5k requests/day
    • Well under monthly limit
  1. Integration documented in quarterly InfoSec audit
  2. Zero issues or downtime Month 3 - Ownership Transfer:
  3. Sarah leaving for new role
  4. Transfers integration ownership to teammate Mike
  5. Updates key description:
  • Changes contact from sarah@ to mike@
    • Notes ownership transfer date
  1. Mike verified access to AWS Secrets Manager
  2. Seamless transition (key still works, no recreation needed) Month 12 - Annual Rotation:
  3. Security policy requires annual key rotation
  4. Current process (until M4):
  • Plans Saturday 2 AM rotation (low usage time)
    • Creates new key (old revokes automatically)
    • Updates Airbyte configuration immediately
    • Tests sync
    • 15-minute downtime window
  1. With M4 (when available):
  • Creates second key while first active
    • Updates Airbyte to new key
    • Tests thoroughly
    • Revokes old key after verification
    • Zero downtime Result: Successful, secure, maintainable integration with full audit trail and minimal operational overhead.

Expected Outcome

  • Third-party tool successfully connected to Affinity API
  • Data flowing reliably on expected schedule
  • API key fully documented with purpose and ownership
  • Secret stored securely per InfoSec requirements
  • Monitoring and alerting in place for failures
  • Integration documented in team wiki
  • Clear ownership and contact information for maintenance
  • Passes security audit requirements

Tips & Best Practices

Planning Phase:
  • Start with read-only unless write access absolutely necessary
  • Minimize data scope - only pull fields you need
  • Understand rate limits - plan sync frequency accordingly
  • Review vendor security - is third-party tool trustworthy? Key Creation:
  • Descriptive names prevent “What is this?” questions later
  • Rich descriptions enable knowledge transfer
  • Include contacts so others can ask questions
  • Note approval for audit trail Secret Handling:
  • Use secrets manager for production integrations
  • Password manager acceptable for user-level integrations
  • Document storage location in key description
  • Never commit to git - use environment variables
  • Rotate annually or per policy Testing:
  • Test in sandbox first if available
  • Start with small data set before full sync
  • Verify data accuracy - spot check records
  • Monitor API usage during initial loads
  • Set up alerting before going to production Common Third-Party Tools:
Data Warehouses:
  • Snowflake, BigQuery, Redshift
  • Use ETL tools: Fivetran, Airbyte, dbt
  • Read-only access sufficient
  • Schedule overnight syncs Reporting/BI:
  • Looker, Tableau, Power BI
  • Read-only access
  • Can query API directly or via warehouse
  • Consider caching for performance CRM Sync:
  • Salesforce, HubSpot, Pipedrive
  • May need read-write for bi-directional
  • Real-time or frequent syncs
  • Field mapping critical Marketing Tools:
  • Marketo, Pardot, MailChimp
  • Read-only (pull contact lists)
  • Scheduled syncs
  • Privacy compliance important Troubleshooting Integration Issues:
Key revoked accidentally:
  • Create new key with same documentation
  • Update integration immediately
  • Test connection
  • Minimize downtime Hitting rate limits:
  • Check Manage Apps for current usage
  • Reduce sync frequency
  • Batch requests more efficiently
  • Contact Affinity for limit increase if needed Authentication failures:
  • Verify key is still Active in Manage Apps
  • Check secret matches what’s configured
  • Ensure user who created key still active
  • Verify API endpoint URLs are correct

Example Use Case

Velocity Capital Partners needed to sync Affinity data with their internal reporting stack: Their Tech Stack:
  • Affinity (CRM)
  • Snowflake (Data Warehouse)
  • dbt (Transformations)
  • Looker (Dashboards)
  • Airflow (Orchestration) The Integration:
Month 1 - Planning:
  1. Data team identified need for executive KPI dashboard
  2. Required data: Companies, Opportunities, Interactions, Lists
  3. Got approval from CTO and InfoSec
  4. Selected Airbyte for ETL (native Affinity connector) Month 1 Week 2 - Setup:
  5. Created API key:
  • Name: “Snowflake Executive Dashboard Sync”
    • Description: Full details (purpose, owner, systems, schedule, approval)
  1. Stored secret in AWS Secrets Manager
  2. Configured Airbyte:
  • Affinity source with API key from Secrets Manager
    • Snowflake destination
    • Selected all needed endpoints
    • Scheduled: Nightly 2 AM UTC
  1. Ran initial full sync: 10,000 companies, 2,500 opportunities
  2. Verified data in Snowflake matched Affinity Month 1 Week 3 - Production:
  3. Enabled automated nightly sync
  4. Built dbt transformations on raw data
  5. Created Looker dashboards
  6. Presented to executives - big win! Month 6 - Expansion:
  7. Business team wanted CRM sync to Salesforce too
  8. Created second API key:
  • Name: “Salesforce Bi-Directional Sync”
    • Description: Different purpose, different owner (RevOps)
Problem: Hit 1 key per user limit (M3) 2. Solution: Had RevOps team member create key under their account 3. Note: After M4, Data Engineer can have both keys Month 12 - Annual Audit:
  1. Security audit required reviewing all API integrations
  2. Manage Apps provided instant inventory:
  • 2 keys clearly documented
    • Both actively used (Last Used < 24 hours)
    • Owners current and responsive
    • Secrets stored per policy (AWS Secrets Manager)
  1. Passed audit with zero findings

Result

  • Executive team has real-time CRM dashboards
  • RevOps has bi-directional Salesforce sync
  • Both integrations documented and compliant
  • Zero security incidents
  • Zero unplanned downtime
  • Easy audit compliance