> ## Documentation Index
> Fetch the complete documentation index at: https://docs.finta.io/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys

> Create, manage, and scope API keys for the Finta API.

API keys authenticate your requests to the Finta API. You can create as many keys as you need — one per project, environment, or integration — and manage them from [API settings](https://app.finta.io/settings/api).

## Creating a key

1. Go to [API settings](https://app.finta.io/settings/api).
2. Click **Create Key**.
3. Give it a descriptive name (e.g. *Production*, *Personal scripts*).
4. Optionally restrict which accounts the key can access (see [Account scope](#account-scope) below).
5. Click **Create Key** — the secret is shown **once**. Copy it now.

Creating a key enables [Storage Mode](/getting-started/storage-mode) automatically if it isn't already on.

## Naming keys

Every key has a name. Use names that make it obvious where each key is used so you can safely rotate or delete individual keys without guessing what depends on them.

To rename a key after creation, click **Rename** next to it in [API settings](https://app.finta.io/settings/api).

## Account scope

By default, a key can access all of your accounts, including any you connect in the future. You can restrict a key to a specific set of accounts — useful for isolating what a particular integration or script can see.

### Setting scope when creating a key

In the **Create Key** dialog, turn off **Share all accounts** and select the accounts you want the key to access.

### Editing scope after creation

1. Open [API settings](https://app.finta.io/settings/api).
2. Click **Edit scope** next to the key.
3. Toggle **Share all accounts** or check/uncheck individual accounts.
4. Click **Save**.

Changes take effect immediately — no need to rotate the key.

### How scope is enforced

When a key has a restricted scope, any request for an account outside that scope returns `404 NOT_FOUND`, the same as if the resource does not exist. This avoids leaking that the account exists at all.

An empty scope (all accounts) is the default and includes accounts you add in the future.

## Rotating a key

Rotating generates a new secret and immediately invalidates the old one. The key's **name and account scope are preserved** — only the secret changes.

1. Click **Rotate** next to the key in [API settings](https://app.finta.io/settings/api).
2. Confirm the rotation.
3. Copy the new secret — it is shown **once**.
4. Update any applications using the old key before closing the dialog.

## Deleting a key

Deleting a key permanently invalidates it. Any application using that key will stop working immediately.

1. Click **Delete** next to the key in [API settings](https://app.finta.io/settings/api).
2. Confirm deletion.

This cannot be undone. If you want to cycle the secret without disrupting integrations, use **Rotate** instead.
