Skip to content

Authentication and API Keys

Create, scope, protect, and revoke API keys.

API keys authenticate server-to-server requests to the iSearchFrom API. They belong to a organization and can be scoped to selected permissions.

  1. Open API Keys.
  2. Confirm the correct organization is active.
  3. Choose Create Key.
  4. Enter a descriptive name.
  5. Select required permissions.
  6. Generate the key.
  7. Store the secret immediately.

The full secret is shown only once.

Send the key in the X-API-Key header:

Terminal window
curl "https://api.isearchfrom.com/v1/tools/serp/direct-search" \
-H "X-API-Key: $ISEARCHFROM_API_KEY"

Choose the smallest permission set required by the integration.

Permission areas can include:

  • project
  • search
  • search history
  • member
  • team role
  • team settings
  • API key
  • billing
  • invitation

Actions can include create, read, update, and delete.

  • Never commit API keys to source control.
  • Never expose keys in browser/frontend code.
  • Use separate keys per integration.
  • Rotate keys when people leave or systems change.
  • Revoke unused keys.
  • Store keys in a secret manager.

Revoke a key when:

  • it may be compromised
  • the integration is retired
  • a contractor or vendor no longer needs access
  • you need to rotate credentials

Revoked keys stop authenticating requests.

Open API Keys in the app. Create, scope, rotate, and revoke API keys from this page. New key secrets are shown only once.