Authentication and API Keys
Create, scope, protect, and revoke API keys.
API keys authenticate server-to-server requests to the iSearchFrom API. They belong to a organization and can be scoped to selected permissions.
Create an API key
Section titled “Create an API key”- Open API Keys.
- Confirm the correct organization is active.
- Choose Create Key.
- Enter a descriptive name.
- Select required permissions.
- Generate the key.
- Store the secret immediately.
The full secret is shown only once.
Use an API key
Section titled “Use an API key”Send the key in the X-API-Key header:
curl "https://api.isearchfrom.com/v1/tools/serp/direct-search" \ -H "X-API-Key: $ISEARCHFROM_API_KEY"Permission scoping
Section titled “Permission scoping”Choose the smallest permission set required by the integration.
Permission areas can include:
- project
- search
- search history
- member
- team role
- team settings
- API key
- billing
- invitation
Actions can include create, read, update, and delete.
Security rules
Section titled “Security rules”- Never commit API keys to source control.
- Never expose keys in browser/frontend code.
- Use separate keys per integration.
- Rotate keys when people leave or systems change.
- Revoke unused keys.
- Store keys in a secret manager.
Revoke a key
Section titled “Revoke a key”Revoke a key when:
- it may be compromised
- the integration is retired
- a contractor or vendor no longer needs access
- you need to rotate credentials
Revoked keys stop authenticating requests.
Open in iSearchFrom
Section titled “Open in iSearchFrom”Open API Keys in the app. Create, scope, rotate, and revoke API keys from this page. New key secrets are shown only once.