Getting an API Key
- Log in to the Poelis web application ↗︎
- Navigate to Settings ↗︎ → API Keys ↗︎
- Click Create API Key
- Give your key a descriptive name (e.g., “Production Integration”, “CI/CD Pipeline”)
- Copy the key immediately - it won’t be shown again!
Using Your API Key
Include your API key in theAuthorization header of every request using the Bearer token format:
Example Request
API Key Format
API keys follow this format:- Prefix:
poelis_api_ - Length: Variable (typically 40-60 characters)
- Example:
poelis_api_yyRCEbuLi8ugnBWNixCZQL4xKlLKBh-Gi_6zFf4CCIE
Key Scoping
API keys are organization-scoped, meaning:- ✅ Access to all workspaces in your organization
- ✅ Access to all products, items, and properties within those workspaces
- ❌ No access to resources outside your organization
- ❌ No access to other organizations’ data
Security Best Practices
Store Securely
Use environment variables or secret management tools (e.g., AWS Secrets Manager, HashiCorp Vault)
Rotate Regularly
Rotate your API keys periodically, especially if they may have been compromised
Use Different Keys
Create separate keys for different usecases
Monitor Usage
Review API key usage in your dashboard to detect unusual activity
Key Management
Creating Multiple Keys
You can create multiple API keys for different purposes:- Production: For live integrations
- CI/CD: For automated pipelines
- Monitoring: For health checks and monitoring tools
Revoking Keys
If a key is compromised or no longer needed:- Go to Settings ↗︎ → API Keys ↗︎
- Find the key you want to revoke
- Click Revoke
- The key will be immediately invalidated
Error Responses
If your API key is missing/invalid/revoked, the API returns401 Unauthorized with the standard error body format. See Response Format and Status Codes for canonical examples.
Next Steps
- Learn about Rate Limiting to understand API usage limits
- Explore the API Reference to see all available endpoints
- Check out Error Handling for proper error management