API keys

An API key is a secret token tied to your account. If a tool outside the dashboard needs to act for you — pushing a draft, reading your posts, anything — it uses your API key as proof of who it is.

The most common reason to create one is the Obsidian plugin, but the key works with anything that knows the dashboard’s API.

Open Settings → API keys and click Create key. Give it a name that describes where it will be used — “iPhone Obsidian” or “Work laptop”, for example. Names can be up to 80 characters.

The dashboard shows you the full key once, in a dialog with a copy button. Paste it into the tool that needs it immediately — the dashboard never shows the full key again.

The keys list shows, for each active key:

• The name you gave it.
• The first eight characters of the token (its prefix) — so you can match a key in your records back to one in the list without having the full token.
• The date you created it.
• When it was last used — handy for spotting forgotten keys that haven’t been touched in months.

Click Revoke next to a key to disable it instantly. Any tool using that key will stop working immediately and will need a new key to continue. Revoked keys move into a collapsible Revoked keys section below the active list, so there’s still a record of which keys existed and when they were revoked.

An API key is as powerful as your sign-in:

• Never paste a key into a public file, a screenshot, or a chat.
• Use one key per place — one for Obsidian on your laptop, one for Obsidian on your phone, etc. If you lose a device, you can revoke just that key.
• If you suspect a key has leaked, revoke it immediately and issue a new one.