Skip to main content

Documentation Index

Fetch the complete documentation index at: https://knowledge.goautonomous.io/llms.txt

Use this file to discover all available pages before exploring further.

Overview

API keys let external systems and scripts authenticate with Go Autonomous programmatically. Each API key is tied to a service account — a non-human identity that can call Go Autonomous APIs on behalf of your organization. Use API keys when you need to:
  • Integrate third-party systems that push or pull data from Go Autonomous.
  • Automate workflows that interact with the platform API.
  • Connect custom applications to your Go Autonomous environment.

The API Keys page

Navigate to Administration > Company Settings > API Keys to manage your service accounts. The page lists all active API keys with the following details:
  • Name — the descriptive label you gave the service account.
  • Created by — the name of the user who created the key. If the user has since been deleted, this displays “Deleted user”.
  • Creation date — when the key was created.

Create an API key

1

Click Add API Key

Click the add button to create a new service account and API key.
2

Name the service account

Enter a descriptive name that identifies the integration or system that will use this key (e.g., “ERP Sync Service” or “Reporting Dashboard”).
3

Save and copy the key

After creation, the API key is displayed. Copy it immediately — for security reasons, the full key is only shown once.
Store API keys securely. Treat them like passwords — never commit them to source control or share them in plain text. If a key is compromised, revoke it immediately and create a new one.

Revoke an API key

If an API key is no longer needed or has been compromised, revoke it to immediately disable access:
  1. Find the service account in the API Keys list.
  2. Click Revoke on the corresponding row.
  3. Confirm the revocation.
Revoking a key is permanent. Any system using the revoked key will immediately lose access and will need to be updated with a new key.

Best practices

  • Use one key per integration — this makes it easy to revoke access for a single system without affecting others.
  • Rotate keys regularly — create new keys and update your systems periodically as a security measure.
  • Name keys descriptively — use names that make it obvious which system uses each key, so you can manage them confidently.
  • Track key ownership — the API Keys page shows who created each key, making it easier to follow up if a key needs to be rotated or investigated.

What’s next