API Keys
API keys let you authenticate requests to the StatusPage.me API from your own scripts, CI pipelines, or integrations — without using your account password.
Plan requirement: API key creation requires a plan that includes API access. If the API Keys section is not visible on your Security page, upgrade your plan to enable it.
Creating an API Key
- Go to Security in your dashboard (
/user/security). - Scroll to the API Keys section.
- Enter a descriptive name for the key (up to 120 characters) so you can recognize it later.
- Click Create API Key.
- Copy the token immediately — it is shown only once and cannot be retrieved later. A copy button is shown alongside the token in the confirmation dialog.
Once you close the dialog, only the key’s name, prefix, and creation date are stored. The full token is never displayed again.
Using an API Key
Include your API key as a Bearer token in the Authorization header of your requests:
Authorization: Bearer spk_yourtokenhere
Managing API Keys
The API Keys table on the Security page shows:
| Column | Description |
|---|---|
| Name | The label you gave the key |
| Prefix | The first few characters of the token (for identification) |
| Created | When the key was created |
| Last used | When the key last made a successful request |
| Status | Active or Revoked |
Revoking an API Key
To revoke a key:
- Find the key in the API Keys table.
- Click Revoke and confirm.
Revocation is immediate — any requests using that token will be rejected. Revoked keys remain listed so you have an audit record of previously active keys.
Security Best Practices
- Name keys descriptively — e.g. “GitHub Actions deploy” or “Local dev script” so you know what’s using each key.
- One key per integration — if a key is leaked, you can revoke only the affected key without disrupting other integrations.
- Revoke unused keys — remove keys you’re no longer using to reduce your attack surface.
- Never commit tokens to source control — use environment variables or a secrets manager.