Skip to main content

Overview

API keys let external systems and scripts authenticate with Go Autonomous programmatically. Each API key is tied to a service account — a non-human identity that can call Go Autonomous APIs on behalf of your organization. Use API keys when you need to:
  • Integrate third-party systems that push or pull data from Go Autonomous.
  • Automate workflows that interact with the platform API.
  • Connect custom applications to your Go Autonomous environment.

The API Keys page

Navigate to Administration > Company Settings > API Keys to manage your service accounts. The page is split into two tabs:
  • Active Keys — keys that are currently valid and can be used to authenticate.
  • Revoked Keys — keys that have been disabled and can no longer be used. Kept for reference and auditing.
Each tab shows a counter next to the label so you can see at a glance how many keys are in each state. For every key, the table shows:
  • Name — the descriptive label you gave the service account.
  • Key — a masked preview of the key value.
  • Created by — the name of the user who created the key. If the user has since been deleted, this displays “Deleted user”.
  • Creation date — when the key was created.

Audit trail

Click the Audit trail button in the top-right of the page to open a drawer with the full history of API key activity — keys created, revoked, and other changes — along with who performed each action and when. Use the audit trail to:
  • Audit who created or revoked a key.
  • Investigate when a key was last changed.
  • Confirm that a revocation took effect.
The audit trail mirrors entries shown in the broader Audit Trail, but scoped to API key events only.

Create an API key

1

Click Add API Key

Click the add button to create a new service account and API key.
2

Name the service account

Enter a descriptive name that identifies the integration or system that will use this key (e.g., “ERP Sync Service” or “Reporting Dashboard”).
3

Save and copy the key

After creation, the API key is displayed. Copy it immediately — for security reasons, the full key is only shown once.
Store API keys securely. Treat them like passwords — never commit them to source control or share them in plain text. If a key is compromised, revoke it immediately and create a new one.

Revoke an API key

If an API key is no longer needed or has been compromised, revoke it to immediately disable access:
  1. On the Active Keys tab, find the service account in the list.
  2. Click the Revoke icon on the corresponding row.
  3. Confirm the revocation.
The key moves to the Revoked Keys tab and the action is recorded in the audit trail.
Revoking a key is permanent. Any system using the revoked key will immediately lose access and will need to be updated with a new key.

Best practices

  • Use one key per integration — this makes it easy to revoke access for a single system without affecting others.
  • Rotate keys regularly — create new keys and update your systems periodically as a security measure.
  • Name keys descriptively — use names that make it obvious which system uses each key, so you can manage them confidently.
  • Track key ownership — the API Keys page shows who created each key, making it easier to follow up if a key needs to be rotated or investigated.

What’s next