In this article, we will explain what an API key is and how you can create a new one or delete an existing one.
What is an API key?
An API key is a code used to identify and authenticate an application or user. It acts as a unique identifier and provides a secret token for authentication purposes.
For example, you can use an API key to connect your website or information system to Brevo. This will enable you to automatically and manually trigger certain actions between the two.
With an API key, you can also connect to our API to automatically add new contacts, as well as do more complex tasks, such as:
- Creating and scheduling campaigns from the API.
- Exporting users that belong to particular lists.
- Exporting campaign statistics, etc.
To access the full list of commands that you can use with our API, check our API documentation.
Where can I find my API keys?
To protect your API keys and make them more secure, your existing API keys are not visible from your Brevo account. Only the last digits of the keys are displayed on the SMTP & API page so that you can distinguish between several keys if necessary:
That's why we strongly suggest you store your API key in a safe environment when you create your API key. If you've lost your API key, we recommend you create a new one, store it in a safe environment, and replace the previous one.
Create an API key
When configuring an integration with your Brevo account, you may need to create a new API key:
- Go to Your account name > SMTP & API.
- Click Generate a new API key.
- Name your API key. Make sure it specifies with which integration the API key will be used so that you can easily recognize it.
- Click Generate.
- Copy your API key and store it in a safe environment.
❗️ ImportantYour API key is only visible during this step. Once your API key is created, you won't be able to copy it anymore and you'll need to create a new one if you lose it. - Click OK.
You have now successfully created a new API key.
Delete an API key
If your account has been compromised or if you no longer use an integration that requires a particular API key, you can delete that API key:
- Go to Your account name > SMTP & API.
- Select the API key you want to delete.
- Click Delete API key.
You have now successfully deleted your API key.
Best practices with API keys
API keys give full access to your Brevo account and should be protected in the same way as a password. Here are a few best practices to keep in mind when working with API keys:
- Use a different API key for each integration and specify the name of the integration in the name of the API key so that you know exactly which key corresponds to each integration. That way, if an API key is compromised, you can delete it without impacting your other integrations.
- Store your API keys in a safe environment, not in a Word document or post-it note.
- Don't expose your API key to the public. Make sure you hide your API key, or even better, cut it completely in screenshots or videos.
- Never send an API key via email, as this will give access to your Brevo account if someone hacks your email account.
- Always delete API keys that are no longer used to limit the risks of leaks.
🤔 Have a question?
If you have a question, feel free to contact our support team by creating a ticket from your account. If you don't have an account yet, you can contact us here.
If you’re looking for help with a project using Brevo, we can match you with the right certified Brevo expert partner.