> ## Documentation Index
> Fetch the complete documentation index at: https://support.affinity.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Manage Apps Reference

> Reference: Manage Apps Reference

<Note>
  **Reference** — lookup information.
</Note>

**Last Updated:** November 21, 2025

**Object Tags:** API, API Keys, Integrations, Security, Admin, Manage Apps

## Overview

Manage Apps is a centralized interface for admins to view, create, audit, and manage all API keys and integrations in their Affinity instance. This feature provides visibility into active integrations, enables security compliance, and supports safe API key lifecycle management.

**Who can access:** Enterprise Admins (EAs) and Admins with "Manage All API Keys" permission

**Where to access:** Settings > Manage Apps

## Key Concepts and How It Works

### API Keys

**What they are:** API keys are authentication credentials that allow external applications to programmatically access your Affinity data via the Affinity API (v1 or v2).

**Types of API keys:**

**Personal API Keys:**

* Created by individual users for their own integrations
* Bound to the user's permissions and data access
* Subject to org-level API rate limits
* Appear in Manage Apps table with user's name
* Can be managed by the user who created them or admins

**Affinity Help Keys (Professional Services):**

* Created by Affinity's Professional Services team for customer integrations
* NOT bound to customer's API rate limits
* Have administrative rights (subject to Enterprise Permissions visibility rules)
* Appear in Manage Apps as "Affinity Professional Services Key"
* Can only be created by Professional Services team members
* Can be revoked by customer admins

### Manage Apps Page

**What it shows:**

* All active API keys in your instance (personal + Affinity Help)
* Revoked/historical API keys
* API usage metrics and rate limits
* Key details: Name, Description, Created date, Last used, Owner

**Key capabilities:**

* **Audit**: See all keys across your entire organization
* **Create**: Generate new API keys with names and descriptions
* **Edit**: Update key names and descriptions for documentation
* **Revoke**: Disable keys that are no longer needed or are security risks
* **Monitor**: Track API usage against monthly limits

**Current release:**

* View API usage and monthly limits
* See all API keys in instance (active and revoked)
* Create API keys with names and descriptions
* Edit key details
* Revoke keys (your own or others' if you have permission)
* Sort and filter keys table
* Create multiple API keys per user (currently limited to 1 per user)
* Rate limits decoupled from key to user level

## Permissions Model

### Who Can Do What

| Action                    | Enterprise Admin | Admin with "Manage All API Keys" | User with "Generate API Key" |
| ------------------------- | ---------------- | -------------------------------- | ---------------------------- |
| View Manage Apps page     | ✅                | ✅                                | ✅ (own keys only)            |
| View all org API keys     | ✅                | ✅                                | ❌                            |
| View API usage metrics    | ✅                | ✅                                | ✅                            |
| Create API keys           | ✅                | ✅                                | ✅ (own keys only)            |
| Edit own API keys         | ✅                | ✅                                | ✅                            |
| Edit others' API keys     | ✅                | ✅                                | ❌                            |
| Revoke own API keys       | ✅                | ✅                                | ✅                            |
| Revoke others' API keys   | ✅                | ✅                                | ❌                            |
| Revoke Affinity Help keys | ✅                | ✅                                | ❌                            |

**Permission configuration:**

* **Enterprise Admins**: Configure permissions in Settings > Roles
* **Non-Enterprise orgs**: All admins have full Manage Apps access by default
* **"Generate API Key" permission**: Configured in user settings (Admins, EAs, Standard users can have this)

### What is an Enterprise Admin (EA)?

Enterprise Admins are a user role available on Affinity's Enterprise tier with elevated permissions across the CRM, including:

* Full admin capabilities (user management, billing, settings)
* Ability to configure custom roles and permissions
* Access to advanced security and compliance features
* Can grant/revoke "Manage All API Keys" permission to other users

## CRUD - Create, Read, Update, Delete

### Create API Key

## Steps

1. Navigate to Settings > Manage Apps
2. Click "Create New API Key" button
3. Add Name (required) - describes purpose of integration
4. Add Description (optional) - additional context
5. Click "Create"
6. Copy API key secret (shown only once)
7. Store secret securely in your integration

**Current limitation:** One API key per user (M4 will enable multiple)

**Permissions:** Users with "Generate API Key" permission

### View API Keys

**View all keys (Admins):**

1. Navigate to Settings > Manage Apps
2. See table showing all keys in instance:

* Personal keys from all users
  * Affinity Help keys (Professional Services)
  * Revoked/historical keys

1. Sort by: Name, Owner, Created date, Last used
2. Filter to active or revoked keys

**View own keys (Standard users):**

* See only keys they created
* Cannot see other users' keys
* Can see API usage metrics for org

**Key details shown:**

* Name
* Description
* Owner (user who created it)
* Created date
* Last used date
* Status (Active or Revoked)

### Update API Key

**Edit own key:**

1. Click on key in Manage Apps table
2. Key detail panel opens
3. Edit Name or Description
4. Click "Save"

**Edit others' keys (Admins only):**

* Same process, but can edit any user's key
* Useful for adding documentation to undocumented keys **Note:** Cannot edit the key secret itself - must revoke and create new key to rotate secrets

### Delete (Revoke) API Key

**Revoke own key:**

1. Navigate to Manage Apps
2. Click on key to open detail panel
3. Click "Revoke" button
4. Confirm revocation
5. Key immediately stops working - any integration using it will fail

**Revoke others' keys (Admins only):**

* Same process
* Used for security incidents or deactivated users
* Useful for removing Affinity Help keys after Professional Services engagement ends

**Revoked key behavior:**

* Remains visible in Manage Apps table (for audit trail)
* Marked as "Revoked" status
* Can be filtered out using table controls
* Cannot be un-revoked (must create new key) **Permissions:** Own keys (anyone), others' keys (Manage All API Keys permission required)

## API Usage Metrics

**What you can see:**

* **Monthly API limit**: Total requests allowed per month for your org
* **Current usage**: Requests used so far this month
* **Usage percentage**: Visual indicator of consumption
* **Reset date**: When monthly counter resets **Where to find:** Top of Manage Apps page

**How limits work:**

* Tied to organization, not individual keys
* All API keys in org share the same monthly limit
* Limit determined by your Affinity subscription tier
* Exceeding limit results in API request failures until reset **Note:** Rate limits (requests per minute) are currently tied to individual keys - this will change in M4 to be user-level

## Frequently Asked Questions

### General

**Do customers need to change how they authenticate with the API?**

No. Existing API keys continue to work exactly as before. The Manage Apps interface is for visibility and management only.

**What happened to the old API page in Settings?**

The old API page has been removed. All API key creation and management now happens in Manage Apps (Settings > Manage Apps). Technical Contacts configuration has moved to its own dedicated page.

**Can I see API keys from before Manage Apps launched?**

Yes. All existing keys are visible in Manage Apps. Pre-existing keys have auto-generated names: "\[First Name] \[Last Name]'s API Key"

### API Key Creation & Management

**How many API keys can I create?**

Currently: 1 API key per user. Creating a new key will revoke your old key (with warning prompt). Coming in M4: Multiple API keys per user.

**Can I create API keys for other users?**

No. Users must create their own API keys. Exception: Professional Services team can create Affinity Help keys for customer integrations.

**What happens if I deactivate a user who has an active API key?**

Their API key is automatically revoked when the user is deactivated. This prevents unauthorized access from integrations tied to former employees. The revoked key remains visible in Manage Apps for audit purposes.

**Can I rotate API keys (change the secret)?**

Not directly in current release. To rotate: Create a new API key (which revokes the old one), update your integration with new secret. Advanced key rotation (keeping old key active temporarily) is coming in future release.

### Security & Auditing

**Can I see which API endpoints a key is calling?**

Not in current release. You can see last used date, but not specific endpoint usage. Advanced activity reporting coming in future milestones.

**Can Affinity view or manage API keys in my instance?**

Affinity Support team cannot create, view, or manage your API keys. Only Professional Services team can create Affinity Help keys for customer integrations (with your permission). You can revoke Affinity Help keys at any time.

**How do I know if an API key is still being used?**

Check the "Last Used" date in the Manage Apps table. If a key hasn't been used in 90+ days, consider revoking it. Contact the key owner before revoking to verify it's not in use.

**What should I do if I suspect unauthorized API access?**

1. Immediately revoke the suspicious API key in Manage Apps
2. Review all keys in your instance for unfamiliar integrations
3. Contact Affinity support if you suspect a security breach
4. Create new API keys for legitimate integrations
5. Update your integration credentials promptly

### Permissions

**Who can access the Manage Apps page?**

* **Enterprise orgs**: Enterprise Admins and users with "Manage All API Keys" permission
* **Non-Enterprise orgs**: All Admins
* **Standard users**: Can access if they have "Generate API Key" permission (but only see their own keys)

**How do I grant someone permission to manage all API keys?**

* **Enterprise orgs**: Settings > Roles > Configure "Manage All API Keys" permission
* **Non-Enterprise orgs**: Promote user to Admin role

## Troubleshooting

**Problem: "I don't see the Manage Apps menu option"**

**Solutions:**

* Verify you're an Admin or have "Manage All API Keys" permission
* If you have "Generate API Key" permission, you should still see Manage Apps (with limited view)
* Contact your Enterprise Admin to grant permissions
* Verify your org has access to Manage Apps feature

**Problem: "My API key stopped working after someone was deactivated"**

**Solutions:**

* Check if the deactivated user created the API key (keys are user-bound)
* Revoked keys appear in Manage Apps - verify status
* Create new API key and update integration credentials
* Consider: Have integrations use service account or admin user keys to avoid this

**Problem: "I can't find information about which integration is using a specific key"**

**Solutions:**

* Check the key's Name and Description in Manage Apps
* Contact the user who created the key (shown as Owner)
* Review your integration documentation or development team
* Add description to undocumented keys for future reference

**Problem: "I created a new API key but my old integration broke"**

**Explanation:**

* Currently, creating a new key automatically revokes your old key (1 key per user limit)
* You must update your existing integration with the new key secret

**Solutions:**

* Update integration credentials promptly after creating new key
* Test integration after key rotation
* Consider waiting for M4 if you need multiple simultaneous keys

## Security Best Practices

**Key Creation:**

* Use descriptive names (e.g., "Salesforce Integration", "Data Warehouse Sync")
* Add detailed descriptions (purpose, owner, contact info)
* Copy secret only once when shown (cannot be retrieved later)
* Store secrets securely (password manager, secrets management system)
* Never commit API keys to version control or share in emails

**Key Management:**

* Audit keys quarterly for unused or orphaned integrations
* Revoke keys for deactivated users immediately
* Document all integrations using API keys
* Review "Last Used" dates to identify stale keys
* Maintain inventory of which systems use which keys

**Access Control:**

* Limit "Manage All API Keys" permission to security/ops team only
* Grant "Generate API Key" permission only to users who need API access
* Review permissions quarterly
* Use principle of least privilege

**Incident Response:**

* If key compromised: Revoke immediately, create new key, update integration
* Monitor API usage for unusual patterns
* Keep audit trail of all key creation/revocation events
* Contact Affinity support for suspected security breaches

***
