Managing API Keys

Creating a key

1. Navigate to Settings > API Keys in your workspace
2. Click Create API Key
3. Enter a name (e.g., “Claude Desktop”, “Production Agent”)
4. Select scopes — toggle read/write per domain, or use “Select all”
5. Click Create
6. Copy the key immediately — it’s shown only once

Caution

The full API key (cs_...) is displayed only at creation time. CampaignStack stores a SHA-256 hash for security. If you lose the key, revoke it and create a new one.

Key format

cs_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4

• Prefix: cs_ (always)
• Body: 32 hex characters (16 bytes of cryptographic randomness)
• Total length: 35 characters

Viewing keys

The API Keys page shows all active keys with:

• Name — your label for the key
• Key prefix — first 8 characters (cs_a1b2c3) for identification
• Scopes — which permissions are granted
• Created — when the key was created
• Last used — when the key was last used for authentication

Revoking a key

Click the revoke button next to any key. Revocation is immediate and permanent — the key stops working instantly.

Revoked keys are soft-deleted (marked with a revokedAt timestamp) and no longer appear in the key list.

Best practices

• One key per integration — create separate keys for Claude Desktop, Cursor, production agents, etc.
• Minimum scopes — grant only the scopes each integration needs
• Rotate regularly — revoke and recreate keys periodically
• Never commit keys — use environment variables or secret managers