API keys & scopes

Create project-scoped keys and grant least privilege with fine-grained scopes.

Available scopes

Create keys in Settings → API Keys and grant only the scopes a key needs:

ScopeGrants
data:readRead rows via the Data API
data:writeInsert, update and delete rows
flows:readRead flow definitions
flows:writeCreate and modify flows
sessions:readRead USSD session data
contacts:readRead contacts
contacts:writeCreate and modify contacts
sms:sendSend outbound SMS

Using a key

Pass the key as a bearer token or the x-api-key header:

Authorization: Bearer usdly_…
# or
x-api-key: usdly_…

Treat keys as secrets

Keys are project-scoped and can be revoked or rotated at any time. Store them in environment variables and never commit them to source control or ship them in client-side code.