API Keys
Manage Blueputto API keys from one developer settings page. Create, rename, search, and revoke keys for Public API access with governed secret handling.

API Keys are the credential layer for Blueputto's developer surface. They let an organization connect external scripts, internal tooling, and production applications to the Public API without tying those integrations to a personal user session.
In Blueputto, API keys are managed from the dedicated Developers settings area. That matters because the app treats credentials as an organization asset that should be governed over time, not as a hidden technical detail outside the product.
Managed from one developer settings surface
The API Keys page is built as a compact operational table for the active organization. In the current implementation, teams can:
create a new key,
search existing keys,
rename a key,
and delete a key that is no longer needed.
The table also shows two pieces of context that help teams keep integrations understandable as they grow:
when the key was created,
and the current rate limit assigned to that key.
That keeps the feature practical for day-to-day governance. A team can tell which key belongs to which integration, see how old it is, and revoke unused credentials without digging through backend configuration.

The raw secret is revealed once, then hidden
Creating a key is intentionally simple. The create dialog only asks for a name, which keeps the setup step fast when someone is preparing a real integration.
After creation, Blueputto opens a second dialog that shows the full key value with a copy action. That is the only time the raw secret is shown. Once the dialog is closed, the app keeps the key record but no longer exposes the credential itself.
This is the control that turns API keys into a governed secret instead of a reusable plain-text field. Teams are expected to copy the value immediately into the environment where the integration will actually run.
In the current implementation, new keys are created without expiration and start with a default limit of 5 req/s.

Where API Keys fit
API Keys are the handoff point between Blueputto's internal workspaces and external systems. They authenticate requests to the Public API, but they are still governed from inside the app through naming, visibility, and revocation controls.
They also sit inside the broader access model. In the current implementation, API access is gated by plan and managed through organization permissions, which keeps developer credentials aligned with the same operational controls used elsewhere in Blueputto.
