Skip to main content
This guide explains how to create and manage API keys that allow external applications to access your workspace data programmatically.
This feature requires administrator or workspace owner permissions. Changes made here affect all users in your workspace.
Who should read this: Workspace administrators and developers who need to integrate PlaneConnection with external systems.Prerequisites: Admin or Account Owner role. API key management must be enabled for your workspace.

When to use API keys

API keys provide programmatic access to your workspace data through the PlaneConnection API. Common use cases include:
  • Syncing trip data with your scheduling software
  • Pulling safety report data into external dashboards
  • Automating invoice creation from your accounting system
  • Feeding fleet status into your company website

Create an API key

2
Go to Settings > API Keys. This page lists all active and revoked API keys for your workspace.
3
Click New API Key
4
Click the New API Key button at the top of the page.
5
Configure the key
6
FieldDescriptionNameA descriptive name (e.g., “QuickBooks Integration” or “Fleet Dashboard”).PermissionsSelect which API scopes this key can access (read-only, read-write, or specific modules).ExpirationSet an expiration date or choose “No expiration.” Keys with expiration dates are recommended for security.
7
Copy the key
8
After creation, the full API key is displayed once. Copy it immediately and store it securely. You will not be able to view the full key again.
Treat API keys like passwords. Never commit them to version control, share them in plain text, or include them in client-side code. If a key is compromised, revoke it immediately and create a new one.

Rotate an API key

To replace an existing key without downtime:
1
Create a new key
2
Follow the creation steps above, giving the new key the same permissions as the key you are replacing.
3
Update your integration
4
Update the external application to use the new API key.
5
Verify the integration
6
Confirm the external application works with the new key.
7
Revoke the old key
8
Once the new key is confirmed working, revoke the old key (see below).

Revoke an API key

  1. Navigate to Settings > API Keys.
  2. Find the key you want to revoke.
  3. Click the Revoke action on the key row.
  4. Confirm the revocation.
Revoked keys stop working immediately. Any application using the revoked key will receive 401 Unauthorized responses.
Revoked keys remain visible in the key list with a Revoked status for audit trail purposes. They cannot be re-activated — create a new key instead.

API key best practices

PracticeWhy
Use descriptive namesIdentify which integration each key belongs to at a glance.
Set expiration datesLimits damage from compromised keys.
Use minimum permissionsOnly grant the scopes the integration actually needs.
Rotate keys periodicallyReplace keys every 90 days as a security hygiene practice.
Monitor usage in audit logReview Settings > Audit Log for unusual API key activity.

API Overview

API endpoints and usage documentation.

API Authentication

How to authenticate API requests.

Configure Webhooks

Receive real-time event notifications.

Manage Security

Broader workspace security settings.
Last modified on April 11, 2026