API keys & scopes
Create project-scoped keys and grant least privilege with fine-grained scopes.
Available scopes
Create keys in Settings → API Keys and grant only the scopes a key needs:
| Scope | Grants |
|---|---|
data:read | Read rows via the Data API |
data:write | Insert, update and delete rows |
flows:read | Read flow definitions |
flows:write | Create and modify flows |
sessions:read | Read USSD session data |
contacts:read | Read contacts |
contacts:write | Create and modify contacts |
sms:send | Send outbound SMS |
Using a key
Pass the key as a bearer token or the x-api-key header:
Authorization: Bearer usdly_…
# or
x-api-key: usdly_…Treat keys as secrets
Keys are project-scoped and can be revoked or rotated at any time. Store them in environment variables and never commit them to source control or ship them in client-side code.
