Farin Farin
Get started →
Admin and internal tools

Create and manage API keys safely

Use the API keys page to issue the smallest key you need, review what is active, and revoke old access cleanly.

4 min read · Updated Mar 18, 2026 · Managers and admins handling machine access

Use API Keys when another system needs machine access to Farin.

The safest default is still the smallest key that can do the job.

Quick facts

Start here

  • Least privilege is the right default for API keys.
  • Old keys should be reviewed and revoked on a regular cadence.
  • One key per integration is easier to manage than one shared key for everything.

Step 1: Create only the key the integration really needs

Open API Keys and create a new key only when the integration scope is clear.

Name the key clearly so the team knows which system owns it later.

The API keys page is where you create the access key and keep its ownership clear for the next review.
  1. 1 Give the key a clear name so the team knows which integration owns it later.
  2. 2 Grant only the domains and access level the integration actually needs.
  3. 3 Review the existing key list during every audit so old or revoked access is obvious.

Step 2: Review and revoke old keys cleanly

  • Retire keys that no longer belong to an active integration.
  • Do not leave mystery keys active longer than necessary.

Related guides

Keep going

Admin and settings 4 min read

Customize navigation for each role

Keep the app shell focused by showing the routes each role actually needs and hiding the ones that create noise.

navigationrolessettingsadmin