API Keys let you authenticate against the Databases API from external applications, scripts, or integrations. Each key can have granular permissions and a configurable expiration date.
Creating an API Key
Go to settings
Navigate to Settings > API Keys from the left sidebar.
Click + Create API key
The button is located in the upper-right corner.
Configure the key
Fill in the following fields:
- Name — A descriptive name to identify the key (e.g. “CI Bot”, “Backend Production”)
- Permissions — Select the permissions the key needs
- Expiration — How long the key should remain valid
Click Create
The key is generated and displayed only once. Copy it and store it in a safe place.
The full key is only shown once at the moment of creation. If you lose it, you will need to regenerate the key or create a new one.
Available permissions
Permissions are divided into two categories:
Records
| Permission | Description |
|---|
| Read records | Allows reading and searching records in collections |
| Create & update records | Allows creating new records and updating existing ones |
| Delete records | Allows deleting records |
| Permission | Description |
|---|
| Read files | Allows downloading file attachments |
| Upload files | Allows uploading files to records |
Apply the principle of least privilege: grant only the permissions the application actually needs. For example, a read-only dashboard only requires Read records.
Expiration options
| Option | Description |
|---|
| 7 days | The key expires in 7 days |
| 30 days | The key expires in 30 days (default) |
| 60 days | The key expires in 60 days |
| 90 days | The key expires in 90 days |
| 180 days | The key expires in 180 days |
| No expiration | The key never expires |
Keys with no expiration are not automatically revoked. Use them only when strictly necessary and combine them with minimum permissions.
Managing API Keys
The API Keys table shows all created keys with the following information:
- Name — Key name
- Permissions — Assigned permissions
- Key — The last characters of the key (masked)
- Created — Creation date
- Expires — Expiration date
Available actions
- Regenerate — Generates a new key while keeping the same name and permissions. The previous key stops working immediately.
- Delete — Permanently deletes the key. Any application using it will lose access immediately.
Using the API Key
Include the key in the X-Api-Key header of your HTTP requests:
curl -s -X GET 'https://your-instance.jelou.cloud/api/collections/your_collection/records' \
-H 'X-Api-Key: YOUR_API_KEY' \
-H 'Accept: application/json'
