API keys — create, scope, revoke

Last updated: April 2026

API keys authenticate external scripts, no-code tools, and partner apps against the Techfleet Sync API. Each key is a bearer token sent in the Authorization header.

Create a key

  1. Go to Settings → API
  2. Click Generate API Key
  3. Name the key (e.g. "Zapier — Orders" or "Internal pricing script")
  4. Pick scopes — read-only, read/write inventory, read/write orders, full access
  5. Copy the key immediately — it is only shown once

Scopes

  • inventory.read / inventory.write
  • orders.read / orders.write
  • buyer-links.read / buyer-links.write
  • channels.read
  • full (all of the above — use only for trusted internal tools)

Revoking a key

Any key can be revoked from Settings → API. Click the trash icon — the key stops working within seconds. Revoke keys whenever a contractor leaves or you suspect a leak.

Key rotation

For long-lived integrations, rotate keys every 90 days. Create the new key first, deploy it, then revoke the old one.

WARNING

Never commit API keys to a public git repo. Use a secret manager or environment variables.

Was this article helpful?

Back to Integrations