API Access
Organisation API access is managed from Access > API Keys.
Create API credentials for backend integrations, scripts, and services that need to call Infuse APIs. Do not use a personal user session for server-to-server integrations.
Create an API Key Principal
- Open Access > API Keys.
- Select Create principal.
- Enter a display name that identifies the integration.
- Choose a status.
- Optionally set an expiry date.
- Create credentials for the principal.
- Assign the roles the integration needs.
An API key principal represents the integration. Credentials under that principal are the secrets your backend stores and uses.
Assign Access
After creating the principal, assign organisation roles that match the integration's job. Start with the narrowest role that allows the workflow to succeed.
Use groups and role assignments when several users or integrations need the same access pattern.
Direct API Key Authentication
Organisation owners or admins can enable Direct API key authentication from Settings > Organisation Details.
When enabled, supported clients can call APIs with direct API key authorization instead of exchanging the credential for a bearer token first.
Keep API keys server-side. Rotate credentials regularly and revoke any credential that is no longer needed or may have been exposed.
For credential lifecycle guidance, see API Tokens, Token Exchange, and Rotate and Revoke Credentials.