Skip to main content

Documentation Index

Fetch the complete documentation index at: https://support.affinity.co/llms.txt

Use this file to discover all available pages before exploring further.

Reference — lookup information.
Last Updated: November 21, 2025 Object Tags: API, API Keys, Integrations, Security, Admin, Manage Apps

Overview

Manage Apps is a centralized interface for admins to view, create, audit, and manage all API keys and integrations in their Affinity instance. This feature provides visibility into active integrations, enables security compliance, and supports safe API key lifecycle management. Who can access: Enterprise Admins (EAs) and Admins with “Manage All API Keys” permission Where to access: Settings > Manage Apps

Key Concepts and How It Works

API Keys

What they are: API keys are authentication credentials that allow external applications to programmatically access your Affinity data via the Affinity API (v1 or v2). Types of API keys: Personal API Keys:
  • Created by individual users for their own integrations
  • Bound to the user’s permissions and data access
  • Subject to org-level API rate limits
  • Appear in Manage Apps table with user’s name
  • Can be managed by the user who created them or admins Affinity Help Keys (Professional Services):
  • Created by Affinity’s Professional Services team for customer integrations
  • NOT bound to customer’s API rate limits
  • Have administrative rights (subject to Enterprise Permissions visibility rules)
  • Appear in Manage Apps as “Affinity Professional Services Key”
  • Can only be created by Professional Services team members
  • Can be revoked by customer admins

Manage Apps Page

What it shows:
  • All active API keys in your instance (personal + Affinity Help)
  • Revoked/historical API keys
  • API usage metrics and rate limits
  • Key details: Name, Description, Created date, Last used, Owner Key capabilities:
  • Audit: See all keys across your entire organization
  • Create: Generate new API keys with names and descriptions
  • Edit: Update key names and descriptions for documentation
  • Revoke: Disable keys that are no longer needed or are security risks
  • Monitor: Track API usage against monthly limits Current release (M1-M3):
  • View API usage and monthly limits
  • See all API keys in instance (active and revoked)
  • Create API keys with names and descriptions
  • Edit key details
  • Revoke keys (your own or others’ if you have permission)
  • Sort and filter keys table Coming soon (M4):
  • Create multiple API keys per user (currently limited to 1 per user)
  • Rate limits decoupled from key to user level

Permissions Model

Who Can Do What

ActionEnterprise AdminAdmin with “Manage All API Keys”User with “Generate API Key”
View Manage Apps page✅ (own keys only)
View all org API keys
View API usage metrics
Create API keys✅ (own keys only)
Edit own API keys
Edit others’ API keys
Revoke own API keys
Revoke others’ API keys
Revoke Affinity Help keys
Permission configuration:
  • Enterprise Admins: Configure permissions in Settings > Roles
  • Non-Enterprise orgs: All admins have full Manage Apps access by default
  • “Generate API Key” permission: Configured in user settings (Admins, EAs, Standard users can have this)

What is an Enterprise Admin (EA)?

Enterprise Admins are a user role available on Affinity’s Enterprise tier with elevated permissions across the CRM, including:
  • Full admin capabilities (user management, billing, settings)
  • Ability to configure custom roles and permissions
  • Access to advanced security and compliance features
  • Can grant/revoke “Manage All API Keys” permission to other users

CRUD - Create, Read, Update, Delete

Create API Key

Steps

  1. Navigate to Settings > Manage Apps
  2. Click “Create New API Key” button
  3. Add Name (required) - describes purpose of integration
  4. Add Description (optional) - additional context
  5. Click “Create”
  6. Copy API key secret (shown only once)
  7. Store secret securely in your integration Current limitation: One API key per user (M4 will enable multiple)
Permissions: Users with “Generate API Key” permission

View API Keys

View all keys (Admins):
  1. Navigate to Settings > Manage Apps
  2. See table showing all keys in instance:
  • Personal keys from all users
    • Affinity Help keys (Professional Services)
    • Revoked/historical keys
  1. Sort by: Name, Owner, Created date, Last used
  2. Filter to active or revoked keys View own keys (Standard users):
  • See only keys they created
  • Cannot see other users’ keys
  • Can see API usage metrics for org Key details shown:
  • Name
  • Description
  • Owner (user who created it)
  • Created date
  • Last used date
  • Status (Active or Revoked)

Update API Key

Edit own key:
  1. Click on key in Manage Apps table
  2. Key detail panel opens
  3. Edit Name or Description
  4. Click “Save” Edit others’ keys (Admins only):
  • Same process, but can edit any user’s key
  • Useful for adding documentation to undocumented keys Note: Cannot edit the key secret itself - must revoke and create new key to rotate secrets

Delete (Revoke) API Key

Revoke own key:
  1. Navigate to Manage Apps
  2. Click on key to open detail panel
  3. Click “Revoke” button
  4. Confirm revocation
  5. Key immediately stops working - any integration using it will fail Revoke others’ keys (Admins only):
  • Same process
  • Used for security incidents or deactivated users
  • Useful for removing Affinity Help keys after Professional Services engagement ends Revoked key behavior:
  • Remains visible in Manage Apps table (for audit trail)
  • Marked as “Revoked” status
  • Can be filtered out using table controls
  • Cannot be un-revoked (must create new key) Permissions: Own keys (anyone), others’ keys (Manage All API Keys permission required)

API Usage Metrics

What you can see:
  • Monthly API limit: Total requests allowed per month for your org
  • Current usage: Requests used so far this month
  • Usage percentage: Visual indicator of consumption
  • Reset date: When monthly counter resets Where to find: Top of Manage Apps page
How limits work:
  • Tied to organization, not individual keys
  • All API keys in org share the same monthly limit
  • Limit determined by your Affinity subscription tier
  • Exceeding limit results in API request failures until reset Note: Rate limits (requests per minute) are currently tied to individual keys - this will change in M4 to be user-level

Frequently Asked Questions

General

Do customers need to change how they authenticate with the API? No. Existing API keys continue to work exactly as before. The Manage Apps interface is for visibility and management only. What happened to the old API page in Settings? The old API page has been removed. All API key creation and management now happens in Manage Apps (Settings > Manage Apps). Technical Contacts configuration has moved to its own dedicated page. Can I see API keys from before Manage Apps launched? Yes. All existing keys are visible in Manage Apps. Pre-existing keys have auto-generated names: “[First Name] [Last Name]‘s API Key”

API Key Creation & Management

How many API keys can I create? Currently: 1 API key per user. Creating a new key will revoke your old key (with warning prompt). Coming in M4: Multiple API keys per user. Can I create API keys for other users? No. Users must create their own API keys. Exception: Professional Services team can create Affinity Help keys for customer integrations. What happens if I deactivate a user who has an active API key? Their API key is automatically revoked when the user is deactivated. This prevents unauthorized access from integrations tied to former employees. The revoked key remains visible in Manage Apps for audit purposes. Can I rotate API keys (change the secret)? Not directly in current release. To rotate: Create a new API key (which revokes the old one), update your integration with new secret. Advanced key rotation (keeping old key active temporarily) is coming in future release.

Security & Auditing

Can I see which API endpoints a key is calling? Not in current release. You can see last used date, but not specific endpoint usage. Advanced activity reporting coming in future milestones. Can Affinity view or manage API keys in my instance? Affinity Support team cannot create, view, or manage your API keys. Only Professional Services team can create Affinity Help keys for customer integrations (with your permission). You can revoke Affinity Help keys at any time. How do I know if an API key is still being used? Check the “Last Used” date in the Manage Apps table. If a key hasn’t been used in 90+ days, consider revoking it. Contact the key owner before revoking to verify it’s not in use. What should I do if I suspect unauthorized API access?
  1. Immediately revoke the suspicious API key in Manage Apps
  2. Review all keys in your instance for unfamiliar integrations
  3. Contact Affinity support if you suspect a security breach
  4. Create new API keys for legitimate integrations
  5. Update your integration credentials promptly

Permissions

Who can access the Manage Apps page?
  • Enterprise orgs: Enterprise Admins and users with “Manage All API Keys” permission
  • Non-Enterprise orgs: All Admins
  • Standard users: Can access if they have “Generate API Key” permission (but only see their own keys) How do I grant someone permission to manage all API keys?
  • Enterprise orgs: Settings > Roles > Configure “Manage All API Keys” permission
  • Non-Enterprise orgs: Promote user to Admin role

Troubleshooting

Problem: “I don’t see the Manage Apps menu option” Solutions:
  • Verify you’re an Admin or have “Manage All API Keys” permission
  • If you have “Generate API Key” permission, you should still see Manage Apps (with limited view)
  • Contact your Enterprise Admin to grant permissions
  • Verify your org has access to Manage Apps feature Problem: “My API key stopped working after someone was deactivated”
Solutions:
  • Check if the deactivated user created the API key (keys are user-bound)
  • Revoked keys appear in Manage Apps - verify status
  • Create new API key and update integration credentials
  • Consider: Have integrations use service account or admin user keys to avoid this Problem: “I can’t find information about which integration is using a specific key”
Solutions:
  • Check the key’s Name and Description in Manage Apps
  • Contact the user who created the key (shown as Owner)
  • Review your integration documentation or development team
  • Add description to undocumented keys for future reference Problem: “I created a new API key but my old integration broke”
Explanation:
  • Currently, creating a new key automatically revokes your old key (1 key per user limit)
  • You must update your existing integration with the new key secret
  • M4 release will allow multiple active keys per user Solutions:
  • Update integration credentials promptly after creating new key
  • Test integration after key rotation
  • Consider waiting for M4 if you need multiple simultaneous keys

Current Release Status

Available Now (M1-M3):
  • ✅ View API usage metrics and monthly limits
  • ✅ See all API keys in instance (personal + Affinity Help)
  • ✅ Create API keys with names and descriptions
  • ✅ Edit API key names and descriptions
  • ✅ Revoke API keys (own or others’ with permission)
  • ✅ Audit historical revoked keys
  • ✅ Sort and organize keys table
  • ✅ Automatic key revocation when users are deactivated Coming Soon (M4):
  • 🚧 Create multiple API keys per user
  • 🚧 Rate limits decoupled from keys to user level
  • 🚧 Improved key rotation workflows Future Releases (M5+):
  • 🔮 OAuth application management
  • 🔮 Advanced scopes (read-only, resource-specific)
  • 🔮 Detailed activity reporting per key
  • 🔮 IP whitelisting

Security Best Practices

Key Creation:
  • Use descriptive names (e.g., “Salesforce Integration”, “Data Warehouse Sync”)
  • Add detailed descriptions (purpose, owner, contact info)
  • Copy secret only once when shown (cannot be retrieved later)
  • Store secrets securely (password manager, secrets management system)
  • Never commit API keys to version control or share in emails Key Management:
  • Audit keys quarterly for unused or orphaned integrations
  • Revoke keys for deactivated users immediately
  • Document all integrations using API keys
  • Review “Last Used” dates to identify stale keys
  • Maintain inventory of which systems use which keys Access Control:
  • Limit “Manage All API Keys” permission to security/ops team only
  • Grant “Generate API Key” permission only to users who need API access
  • Review permissions quarterly
  • Use principle of least privilege Incident Response:
  • If key compromised: Revoke immediately, create new key, update integration
  • Monitor API usage for unusual patterns
  • Keep audit trail of all key creation/revocation events
  • Contact Affinity support for suspected security breaches