API Keys

Generate and manage API keys to access Citatra's data programmatically.

Overview

API Keys let you query Citatra's data from your own scripts, dashboards, or third-party tools without using the web interface. Each key is scoped to a single workspace and carries the same read/write permissions as the team member who created it.

Access API Keys from Settings → API Keys in the left sidebar.

ℹ️ Info

API access is available on Pro and Enterprise plans only.

Generating a Key

  1. Click New API Key.
  2. Enter a descriptive name (e.g., Data warehouse sync, Internal dashboard, Zapier integration).
  3. Click Create.

The key is displayed once immediately after creation. Copy it and store it securely — Citatra does not store the raw key value and cannot retrieve it for you later.

Using Your API Key

Include your API key in the Authorization header of every request:

Authorization: Bearer YOUR_API_KEY

The base URL for all API requests is https://app.citatra.com/api/v1.

Refer to the API reference documentation for available endpoints, request parameters, and response schemas.

Key Scope & Permissions

  • Each key is tied to the workspace it was created in. It cannot access data from other workspaces.
  • The key inherits the role of the creating team member. Keys created by an Admin have admin-level access; keys created by a Member have member-level access.
  • API keys can read and write data (create prompts, fetch results, update settings) unless you restrict them to read-only at creation time.

Revoking a Key

To revoke a key, click the Revoke button next to it in the API Keys list. Revocation is immediate — any requests using that key will receive a 401 Unauthorized response from that point forward.

Revoked keys are removed from the list and cannot be reinstated. Generate a new key if you need to replace a revoked one.

Security Best Practices

  • Never commit API keys to version control. Use environment variables or a secrets manager.
  • Create one key per integration so you can revoke individual keys without disrupting other integrations.
  • Use read-only keys for dashboards and monitoring tools that only need to query data.
  • Rotate keys periodically, especially after a team member with API access leaves.
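
The following Python sketch ties together the Authorization header from Using Your API Key, the 401 behaviour from Revoking a Key, and the environment-variable advice above. It is an added example, not code from Citatra; the variable name CITATRA_API_KEY, the helper names, and any endpoint path you pass in (such as /example) are assumptions, so take real paths from the API reference.

```python
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit

BASE_URL = "https://app.citatra.com/api/v1"  # base URL given on this page
KEY_ENV_VAR = "CITATRA_API_KEY"              # assumed name; use your own convention


class KeyRejected(Exception):
    """The API answered 401: the key is revoked or invalid."""


def redact(key):
    """Return a log-safe form of the key (last 4 characters only)."""
    return "****" + key[-4:] if len(key) > 8 else "****"


def build_request(path, environ=os.environ):
    """Build an authenticated request; the key comes only from the environment."""
    key = environ.get(KEY_ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{KEY_ENV_VAR} is not set")
    if not path.startswith("/"):
        raise ValueError("path must be relative to the API base URL")
    url = BASE_URL + path  # path is hypothetical here; see the API reference
    # Defence in depth: the bearer token only ever goes to the API host over TLS.
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "app.citatra.com":
        raise ValueError("refusing to send the key to " + url)
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {key}"})


def call(path, environ=os.environ, opener=urllib.request.urlopen):
    """Send the request; turn a 401 into KeyRejected without exposing the raw key."""
    req = build_request(path, environ)
    try:
        with opener(req, timeout=10) as resp:
            return resp.read()
    except urllib.error.HTTPError as err:
        if err.code == 401:
            # Revocation is immediate, so a 401 means this key must be replaced.
            key = environ[KEY_ENV_VAR].strip()
            raise KeyRejected(f"key {redact(key)} rejected; generate a new one") from err
        raise
```

Because each integration has its own key, a KeyRejected error identifies which integration needs a replacement key without the raw value ever reaching logs.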