API Keys
API keys provide server-to-server authentication for the Rally CRM API. Create keys with scoped permissions, track usage, and rotate them when needed. Keys are scoped to a tenant and can be restricted to read, write, or admin access.
Endpoints
/api/v1/api-keysList all API keys for the tenant/api/v1/api-keysCreate a new API key/api/v1/api-keys/{id}Update key name/scopes/api/v1/api-keys/{id}Revoke an API keyCreate Request
Send a POST request with the following body to create a new API key.
CreateApiKeyRequest
| Property | Type | Required | Description |
|---|---|---|---|
name | string | ✓ | Human-readable name (e.g., "Zapier Sync", "ETL Pipeline") |
scopes | string | — | Comma-separated: "read", "write", "admin" (default: "read") |
expiresAt | DateTime? | — | Expiration date (null = never expires) |
Response Model
Returned when listing or fetching API keys. The full key value is never included in list responses.
ApiKeyResponse
| Property | Type | Required | Description |
|---|---|---|---|
id | Guid | ✓ | Unique key identifier |
keyPrefix | string | ✓ | First characters shown (e.g., "rk_live_") |
name | string | ✓ | Human-readable key name |
scopes | string | ✓ | Assigned permission scopes |
expiresAt | DateTime? | — | Expiration date (null if the key never expires) |
lastUsedAt | DateTime? | — | Timestamp of the last API call using this key |
isActive | bool | ✓ | Whether the key is currently active |
createdAt | DateTime | ✓ | When the key was created |
createdBy | string? | — | User who created the key |
[
{
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"keyPrefix": "rk_live_",
"name": "Zapier Sync",
"scopes": "read,write",
"expiresAt": "2026-01-01T00:00:00Z",
"lastUsedAt": "2025-02-01T14:32:00Z",
"isActive": true,
"createdAt": "2025-01-15T09:00:00Z",
"createdBy": "admin@acme.com"
}
]Created Response
Returned only once when a new API key is created. This is the only time the full key value is available.
ApiKeyCreatedResponse
| Property | Type | Required | Description |
|---|---|---|---|
id | Guid | ✓ | Unique key identifier |
key | string | ✓ | Full API key (only shown once at creation!) |
keyPrefix | string | ✓ | Prefix for identification (e.g., "rk_live_") |
name | string | ✓ | Human-readable key name |
scopes | string | ✓ | Assigned permission scopes |
expiresAt | DateTime? | — | Expiration date |
createdAt | DateTime | ✓ | When the key was created |
Important
The full API key is only shown once at creation time. Store it securely — it cannot be retrieved later. If you lose the key, you will need to revoke it and create a new one.
{
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"key": "rk_live_7f3a9b2c4d1e8f5a6b0c3d9e2f7a1b4c",
"keyPrefix": "rk_live_",
"name": "Zapier Sync",
"scopes": "read,write",
"expiresAt": "2026-01-01T00:00:00Z",
"createdAt": "2025-01-15T09:00:00Z"
}Examples
Create an API Key
curl -X POST https://your-tenant.rallycrm.io/api/v1/api-keys \
-H "Authorization: Bearer eyJhbGci..." \
-H "Content-Type: application/json" \
-d '{
"name": "Zapier Sync",
"scopes": "read,write",
"expiresAt": "2026-01-01T00:00:00Z"
}'List API Keys
curl https://your-tenant.rallycrm.io/api/v1/api-keys \
-H "X-Api-Key: rk_live_your_api_key_here"Revoke an API Key
curl -X DELETE https://your-tenant.rallycrm.io/api/v1/api-keys/a1b2c3d4-e5f6-7890-abcd-ef1234567890 \
-H "X-Api-Key: rk_live_your_api_key_here"Next Steps
API Overview →
Authentication, rate limits, pagination, and error handling.
Webhooks →
Subscribe to real-time events and receive webhook notifications.
Sync & Changes →
Track incremental changes for ETL and integration workflows.
Import / Export →
Bulk import and export contacts, companies, deals, and activities.