API Keys
Overview
API keys authenticate your requests to the You.com API. You can create and manage your keys from the API Keys page on the Platform.
Creating an API key
- Go to you.com/platform/api-keys
- Click Create API Key
- Give your key a descriptive name (e.g., “Production”, “Development”)
- Copy the key immediately — it will only be shown once
Store your API key securely as soon as it’s created. You won’t be able to view the full key again after leaving the page.
Viewing and managing keys
The API Keys page shows all your active keys with:
- Key name
- Creation date
- Last used date
- A partially masked key value
You can rename or delete keys from this page at any time.
Rotating and revoking keys
To rotate a key, create a new key, update your applications to use the new key, and then delete the old one.
To revoke a key immediately, click Delete next to the key on the API Keys page. Revoked keys stop working immediately.
If you suspect a key has been compromised, revoke it immediately and create a new one.
Security best practices
- Use environment variables — Store API keys in environment variables, not in your source code.
- Never commit keys to version control — Add
.envfiles to your.gitignore. - Use separate keys for each environment — Create distinct keys for development, staging, and production.
- Rotate keys regularly — Periodically rotate keys to limit the impact of any potential exposure.
- Apply least privilege — Only share keys with team members and services that need them.
