API Keys

Create, manage, and revoke sa_live_ API keys for authenticating with the SignedApproval API.

Key Concepts

API keys authenticate external callers with the SignedApproval API. Each key uses the prefix sa_live_ and grants permissions to create approval requests, check their status, and verify signatures.

Keys are hashed with API_KEY_HASH_SECRET before storage. SignedApproval never stores keys in plaintext. The raw key is shown only once at creation time.

Create an API Key

  1. Open API key settings
     Navigate to Dashboard → Settings → API Keys.
  2. Create a new key
     Click Create Key. Enter a descriptive name that identifies the caller, such as "CI/CD Pipeline", "LangChain Agent", or "Clevername Integration".
  3. Copy and secure the key
     The full API key is displayed once. Copy it immediately and store it in a secure location:
       • Environment variable (SIGNEDAPPROVAL_API_KEY)
       • Secrets manager (AWS Secrets Manager, GCP Secret Manager, Vault)
       • CI/CD secret store (GitHub Actions secrets, Vercel environment variables)

Important
The API key cannot be viewed again after this screen. If you lose it, create a new one and revoke the old one.

Key Scopes

API keys currently grant these scopes:

  • approval:create -- Create new approval requests via POST.
  • approval:read -- Check the status of approval requests via GET.
  • approval:verify -- Verify signed decisions (though the public endpoint needs no auth).

Revoking Keys

To revoke an API key, go to Settings → API Keys and click the delete icon next to the key you want to revoke. Revocation is immediate -- any requests using that key will start receiving 401 errors.

Revoked keys cannot be recovered. If you revoked a key by mistake, create a new one.

Key Rotation

Best practice for rotating keys:

  1. Create a new key.
  2. Update your application to use the new key.
  3. Verify the application works with the new key.
  4. Revoke the old key.

Both keys remain valid during the transition period, so there is no downtime.

Using API Keys

Pass the API key in the Authorization header:

```bash
curl -X POST https://signedapproval.net/api/v1/approvals/request \
  -H "Authorization: Bearer sa_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{"action": "Transfer funds"}'
```

Tip
Create separate API keys for each integration or service. This way, if one key is compromised, you can revoke it without affecting other services. Name keys descriptively so you know which to revoke.
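The storage and checking rules described on this page (keys hashed with API_KEY_HASH_SECRET and never stored in plaintext, the raw key returned once, 401 on a revoked key, both keys valid during rotation), as an added server-side sketch that is not SignedApproval's own code. It assumes HMAC-SHA256 as the hash, which the page does not state, and falls back to a constructed secret when the API_KEY_HASH_SECRET environment variable is unset.

```python
import hashlib
import hmac
import os
import secrets

# Assumption (not stated on the page): the hash is HMAC-SHA256 keyed with
# API_KEY_HASH_SECRET. The fallback value is constructed so this runs offline.
API_KEY_HASH_SECRET = os.environ.get("API_KEY_HASH_SECRET", "constructed-demo-secret")
KEY_PREFIX = "sa_live_"
SCOPES = frozenset({"approval:create", "approval:read", "approval:verify"})


def hash_key(raw_key: str) -> str:
    """Keyed hash of a raw key. Without the secret, a leaked table of hashes
    cannot be checked against guessed keys, let alone reversed."""
    return hmac.new(API_KEY_HASH_SECRET.encode(), raw_key.encode(), hashlib.sha256).hexdigest()


class KeyStore:
    """Holds only key hashes, names and revocation flags; never the raw key."""

    def __init__(self) -> None:
        self._records: dict = {}  # key hash -> {"name": ..., "revoked": ...}

    def create(self, name: str) -> str:
        raw_key = KEY_PREFIX + secrets.token_urlsafe(32)
        self._records[hash_key(raw_key)] = {"name": name, "revoked": False}
        return raw_key  # handed to the caller exactly once; not retained

    def revoke(self, name: str) -> int:
        """Revoke every active key with this name; returns the count revoked."""
        hits = [r for r in self._records.values() if r["name"] == name and not r["revoked"]]
        for record in hits:
            record["revoked"] = True  # takes effect on the very next request
        return len(hits)

    def authenticate(self, authorization) -> tuple:
        """Returns (HTTP status, granted scopes). A missing header, wrong prefix,
        unknown key and revoked key all get the same 401 with no scopes."""
        if not authorization or not authorization.startswith("Bearer "):
            return 401, frozenset()
        raw_key = authorization[len("Bearer "):].strip()
        if not raw_key.startswith(KEY_PREFIX):
            return 401, frozenset()
        record = self._records.get(hash_key(raw_key))
        if record is None or record["revoked"]:
            return 401, frozenset()
        return 200, SCOPES
```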