Restricted API keys

Automations & Integrations

Updated March 20, 2026

Who can use this feature

Related subproduct Integrations

Available on Enterprise

Restricted API keys let you scope an API key user’s access to specific resources — workflows, pages, forms, files, or data sets. Instead of giving an API key full admin access, you can limit it to exactly what it needs.

Availability: Restricted API keys are available on Enterprise plans.

How restricted API keys work

Every API key has an associated API key user in your organization. By default, that user is created as an Admin. With restricted API keys, you can change the user’s role and grant access to only the specific resources it needs.

API key users have a few important properties:

They’re never added to the All Organization group.
They only see resources you explicitly share with them.
Their role and permissions can be updated at any time.

Manage API key user access

To view and manage your API key users, go to Users & Guests → API Key Users.

From there you can:

See all API key users in your organization
Change a API key user’s role

Create a restricted API key

Go to Integrations.
Click + New API Key.
Give the key a name.
Go to Users & Guests and filter by API Key Users.
Set the user’s role. Choose Builder role for the most flexibility.
Go to the specific workflows, pages, forms, files, or data sets and assign the appropriate permissions to the API key user with the key name you created.

Frequently asked questions

Can I update an existing API key’s permissions?

Yes. Go to Users & Guests → API Key Users, find the key, and edit its role, then go to each workflow, form, file, etc and assign the API key user to it. Changes take effect immediately.