API Access & Keys
DevSphere OS provides a read API for programmatic access to your data, secured by organization-scoped API keys. Today the public API exposes read access to your leads and invoices.
#Purpose
#When to use this
#At a glance
| Detail | Value |
|---|---|
| Required permissions | Manage API keys (CEO or admin only) |
| Administrator level | CEO / Admin |
| Portal areas used | Settings (API keys), Public API (v1) |
#Workflow
#Step by step
Open API keys
Create a key
Copy the secret now
Authenticate requests
Rotate or revoke as needed
#Approval points
No formal approval gate
#Security notes
Security considerations
- Keys are shown once and stored only as a hash — neither DevSphere OS nor platform staff can recover a lost key. If a key is lost or exposed, rotate or revoke it and issue a new one.
- Grant each key the narrowest scopes it needs.
- Revoke unused or exposed keys immediately.
- API requests are rate-limited (about 120 requests per minute per key) and logged.
#Best practices
- Use one key per integration so you can revoke it independently.
- Assign least-privilege scopes.
- Rotate keys periodically.
- Never embed keys in client-side or public code.
#Common mistakes
- Not copying the one-time secret before leaving the screen.
- Granting more scopes than the integration needs.
- Committing a key to source control.
#Troubleshooting
| If this happens | Try this |
|---|---|
| 401 invalid_api_key | The key is wrong, revoked, or expired — reissue or rotate it and update your integration. |
| 403 insufficient_scope | The key lacks the required scope; create a new key with the needed scope. |
| 429 rate_limited | You are sending too many requests; slow down (about 120 per minute per key). |
#FAQ
What can the API access today?
Read access to your leads and invoices. Keys carry scopes that control access, and the API expands over time.
Can platform staff read my keys?
No — keys are stored only as a hash, scoped to your organization; they cannot be read back after creation.
Who can manage API keys?
Only a CEO or admin can create, rotate, or revoke keys.
#Keep exploring
#Related admin guides
#Business modules & workflows
Leads via the API.
Invoices via the API.
Initial setup.
How the OS fits together.
Task-level how-tos.
End-to-end processes.
Still need help?
Can’t find what you’re looking for? The DevSphere OS team is happy to help.