Search

Create and manage your API keys

In this article, we will explain what an API key is and how you can create a new one or delete an existing one.

Good to know

Only Brevo users with API keys permission can access the API Keys & MCP page, create a new API key, or delete an existing API key.

➡️ To learn more about user permissions and permission levels, check our dedicated article User permissions and permission levels in Brevo.

What is an API key?

An API key is a code used to identify and authenticate an application or user. It acts as a unique identifier and provides a secret token for authentication purposes.

For example, you can use an API key to connect your website or information system to Brevo. This will enable you to automatically and manually trigger certain actions between the two.

With an API key, you can also connect to our API to automatically add new contacts, as well as do more complex tasks, such as:

  • Creating and scheduling campaigns from the API.
  • Exporting users that belong to particular lists.
  • Exporting campaign statistics, etc.

To access the full list of commands that you can use with our API, check our API documentation.

Where can I find my API keys?

To protect your API keys and make them more secure, your existing API keys are not visible from your Brevo account. Only the last digits of the keys are displayed on the API Keys & MCP page so that you can distinguish between several keys if necessary:

API_keys.jpg

That's why we strongly suggest you store your API key in a safe environment when you create your API key. If you've lost your API key, we recommend you create a new one, store it in a safe environment, and replace the previous one.

Create an API key

💡 Good to know
Whenever an API key is created or deleted from the account, the account owner will receive an email notification, including details such as the IP address and location.

When configuring an integration with your Brevo account, you may need to create a new API key:

  1. Click your account dropdown and select Settings > SMTP & API > API Keys & MCP.
  2. Click Generate a new API key.
    create_new_key.jpg
  3. Name your API key. Make sure it specifies with which integration the API key will be used so that you can easily recognize it.
  4. Click Generate.
    name_key.jpg
  5. Copy your API key and store it in a safe environment.
    ❗️ Important
    Your API key is only visible during this step. Once your API key is created, you won't be able to copy it anymore and you'll need to create a new one if you lose it.
    plugins_copy-api-key_en-us.png
  6. (Optional) Activate the Create MCP server API key option to generate a version of the API key allowing you to connect an AI system to Brevo via the MCP protocol. To learn more, check our dedicated article What is Model Context Protocol (MCP)?.
    💡 Good to know
    If you activate the Create MCP server API key, the API key created in step 4 is deactivated and a MCP version of the API key is generated instead.
  7. Click OK.

You have now successfully created a new API key.

Deactivate an API key

If you want to temporarily pause the usage of an API key instead of deleting it completely, you can deactivate it:

  1. Click your account dropdown and select Settings > SMTP & API > API Keys & MCP.
  2. Select the API key you want to deactivate.
  3. Click Deactivate API key.
    API_deactivate-key_en-us.png

You have now successfully deactivated your API key.

Delete an API key

❗️ Important
Deleting an API key is irreversible. Before deleting an API key, make sure you no longer use the integration that requires it or that you've replaced it with a new API key. If you delete an API key that is still being used, you'll experience integration failures.

If your account has been compromised or if you no longer use an integration that requires a particular API key, you can delete that API key:

  1. Click your account dropdown and select Settings > SMTP & API > API Keys & MCP.
  2. Select the API key you want to delete.
  3. Click Delete API key.delete_key.jpg

You have now successfully deleted your API key.

Best practices with API keys

❗️ Important

To improve security and reduce the risk of exposure from unused credentials, inactive API keys expire after 90 days

API keys give full access to your Brevo account and should be protected in the same way as a password. Here are a few best practices to keep in mind when working with API keys:

  • Use a different API key for each integration and specify the name of the integration in the name of the API key so that you know exactly which key corresponds to each integration. That way, if an API key is compromised, you can delete it without impacting your other integrations.
  • Store your API keys in a safe environment, not in a Word document or post-it note.
  • Don't expose your API key to the public. Make sure you hide your API key, or even better, cut it completely in screenshots or videos.
  • Never send an API key via email, as this will give access to your Brevo account if someone hacks your email account.
  • Always delete API keys that are no longer used to limit the risks of leaks.

🤔 Have a question?

If you have a question, feel free to contact our support team by creating a ticket from your account. If you don't have an account yet, you can contact us here.

If you’re looking for help with a project using Brevo, we can match you with the right certified Brevo Agency partner.

💬 Was this article helpful?

124 out of 187 found this helpful