Scoped API Keys
By default, an API key can call any endpoint on your account. Scoped keys restrict access to a specific set of endpoints — useful when sharing keys with third parties or CI systems.
Creating a key
Go to Dashboard → API Keys and click New Key. Give it a label (e.g. ci-deploy) and optionally select the endpoints it can access.
The key is shown once after creation. Copy it and store it securely — you won’t be able to see it again.
Scoping to specific endpoints
When creating or editing a key, select one or more endpoints from the list. A scoped key can only call the selected endpoints. Requests to other endpoints are rejected.
If you leave the scope empty, the key is unscoped and can call any endpoint on your account.
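The scoping rules above, modelled in Python as an added example (not the service's own code): the `ApiKey` class, the endpoint names and the inventory are constructed for illustration. It shows that an empty scope grants every endpoint, so an edit that removes the last endpoint widens a key instead of narrowing it, and it lists the keys left unscoped.

```python
from dataclasses import dataclass, field


@dataclass
class ApiKey:
    label: str
    scopes: set = field(default_factory=set)  # empty set = unscoped key
    revoked: bool = False


def is_allowed(key: ApiKey, endpoint: str) -> bool:
    """Rules as this page states them: a revoked key never works, an empty
    scope allows every endpoint, otherwise only the selected endpoints."""
    if key.revoked:
        return False
    if not key.scopes:
        return True
    return endpoint in key.scopes


def remove_endpoint(key: ApiKey, endpoint: str) -> None:
    """Hypothetical guard: refuse an edit that would empty a scoped key,
    because an empty scope opens the key to every endpoint."""
    remaining = key.scopes - {endpoint}
    if key.scopes and not remaining:
        raise ValueError(f"{key.label}: scope would become empty; revoke the key instead")
    key.scopes = remaining


def unscoped_keys(inventory):
    """Labels of active keys that can call any endpoint on the account."""
    return [k.label for k in inventory if not k.revoked and not k.scopes]


# Constructed inventory; labels and endpoint names are illustrative.
INVENTORY = [
    ApiKey("ci-deploy", {"deploy"}),
    ApiKey("partner-reports", {"reports", "usage"}),
    ApiKey("legacy-script"),          # created with no endpoints selected
    ApiKey("old-ci", revoked=True),
]

if __name__ == "__main__":
    print("unscoped keys:", unscoped_keys(INVENTORY))
    print("ci-deploy -> reports:", is_allowed(INVENTORY[0], "reports"))
```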
Updating scopes
Go to Dashboard → API Keys, click a key, and update its endpoint scopes. Changes take effect immediately.
Revoking a key
Click Revoke on any key to permanently disable it. Revoked keys cannot be reactivated — create a new one instead.
When to use scoped keys
- CI/CD — scope a key to your deploy endpoint only, so a leaked CI secret can’t call other endpoints
- Third-party integrations — give partners a key that only accesses the endpoints they need
- Least privilege — limit blast radius if a key is compromised