Skip to main content
API keys authenticate scripts, CI jobs, and partner systems to the Planasonix REST API. Treat each key like a password: short-lived where possible, scoped, and stored in a secret manager.

Create a key

1

Open API keys

Go to OrganizationAPI keys (exact label may vary by role).
2

Name and scope

Choose a descriptive name (prod-dbt-deploy) and the scopes the integration needs—read-only vs run triggers vs admin operations.
3

Copy once

Copy the secret when shown; many deployments never display it again. If you lose it, rotate and create a new key.

Using keys in requests

Send the key in the header your workspace documents—commonly: 
Authorization: Bearer YOUR_API_KEY
or a dedicated header such as X-Planasonix-Key. See Authentication for the exact format and scope behavior.
Keys are tied to a workspace and optionally a service user. User keys inherit that user’s permissions; service keys use the scopes you assign at creation.

Rotation and revocation

  • Rotate before employees leave or after a suspected leak. Create the new key, update callers, then revoke the old key.
  • Revoke immediately if a pipeline logs expose the secret or a vendor breach occurs.

IP allowlists

When Session policy enforces IP restrictions, API traffic from automation must originate from approved CIDR blocks or use a permitted egress proxy.

API reference

Base URL, rate limits, and response shapes.

Webhooks

Inbound HTTP triggers that complement outbound API use.