Managing API Credentials

This guide walks you through how to find, create, and manage your API credentials in the Violet Merchant Dashboard.

Finding the API Credentials Page

1. Log in to your Merchant Dashboard.

2. Click your name in the bottom-left corner of the sidebar to open your profile menu.

3. Click Settings.

4. In the settings sidebar on the left, look under the Merchant heading and click API Credentials.

You are now on the API Credentials page, where you can generate and manage your API keys for feed uploads and integration.

Generating Your First API Key

If you have not yet created an API key, you will see a message that reads "No Active API Key Generated."

1. Click the Generate New API Key button.

2. A confirmation dialog will appear reminding you to treat your API key like a password. Click Generate Key to proceed.

3. Wait a few seconds while your key is generated.

4. Your new API key will be displayed on screen. This is the only time the full key will be shown. Click Copy to copy it to your clipboard.

5. Store the key in a secure location (for example, a password manager or secrets vault) before navigating away from the page.

Important: If you leave or refresh the page without copying your key, you will not be able to view the full key again. You would need to rotate your key to generate a new one.

Viewing Your Current API Key

Once you have an active API key, the API Credentials page displays a Current API Key card with the following details:

• Key value (masked for security after the initial generation)

• Created Date -- when the key was generated

• Last Used -- when the key was last used, or "Never" if it hasn't been used yet

• Version -- the version number of your key

• Status -- the current state of your key (e.g., ACTIVE)

Rotating Your API Key

If you need a new key -- for example, if your current key may have been exposed -- you can rotate it. Rotation creates a new key while keeping the old one active for a limited grace period so you have time to update your integrations.

1. On the API Credentials page, click the Rotate Key button on your current key card.

2. Read the confirmation message, then click Confirm & Rotate.

3. Wait a few seconds while the new key is generated.

4. Your new API key will be displayed. Click Copy to copy it, and store it securely.

5. Your old key will appear in a separate Rotated API Key card below, showing how much time remains in the grace period (e.g., "Expires in: 2d 5h remaining").

6. Update your integrations to use the new key before the grace period ends. Once the grace period expires, the old key will stop working automatically.

Note: You cannot rotate your key while a previous rotation is still in its grace period. If you need to immediately stop an old key from working, revoke it first.

Revoking an API Key

Revoking a key immediately and permanently disables it. Use this if a key has been compromised or is no longer needed.

1. On the API Credentials page, click the Revoke Key button on the key you want to revoke. You can revoke either your current key or an old key that is still in its grace period.

2. A confirmation dialog will appear warning you that this action cannot be undone.

3. Type REVOKE in the confirmation field.

4. Click the Revoke Key button to confirm.

5. Wait a few seconds while the key is revoked.

After revocation, any system using that key will immediately lose access. If you revoke your only active key, the page will return to the initial state where you can generate a new one.

Warning: Revoking a key is irreversible. Make sure any systems relying on the key have been updated before you proceed.

Quick Reference

Frequently Asked Questions

Can I have more than one active key at the same time? Only during a rotation grace period. When you rotate, both the new key and the old key will work until the grace period ends or you revoke the old key.

What happens if I lose my API key? The full key is only displayed once, at the time it is generated or rotated. If you lose it, use the Rotate Key option to generate a new one.

Where should I store my API key? Store it in a secure location such as a password manager, environment variable, or secrets management system. Never share your key publicly or commit it to source control.