Menu
Feedback
Start here
Tutorials
Developer portal
Known Issues
Support Rules
Troubleshooting
Frequently Asked Questions
Announcements
Tutorials
Operational
Apps
Beta
B2B
Intelligent Search
Conversational Commerce
Master Data
Store Settings
Security
Dashboards
Storefront
Shipping
Account management
Unified Commerce
Billing
Orders
Authentication
Integrations
Sellers
Promotions & taxes
Trade policies
Catalog
Message center
Other
Infrastructure
Omnichannel
Checkout
Subscriptions
VTEX Tracking
Payments
Prices
Tutorials
Explore in-depth tutorials for operating your VTEX store.
Tutorials
Beta
API Keys Beta
Generated keys (Beta)
Generated keys (Beta)

This feature is in closed beta, so only selected clients can access it now. If you are interested in implementing it in the future, please contact our Support team.

Internal API keys are credentials generated in and managed by your VTEX account. This means you should have access to all pairs of API keys and tokens, which is akin to usernames and passwords for API integrations.

The Generated tab lists the API keys created by your account.

The page displays the following information in a table:

ColumnDescription
Key/NameAPI key, followed by the name defined when creating the key.
Token durationDuration of the API token.
RolesRoles associated with the API key.
Created dateAPI key created date.
StatusAPI key status, which can be Active or Inactive.

This page allows you to:

Generating keys

Follow the instructions below to create a new API key:

  1. In the top bar of the VTEX Admin, click your profile avatar — indicated by the first letter of your email — and then click Account Settings > API Keys.

  2. Make sure you are in the Generated tab.

  3. Click + Generate Key.

  4. Complete the Key identification field with a name to identify the API key. This field is required.

  5. Select the roles that will be associated with the key. By default, no role is pre-selected.

    Select only the roles required for the integration that will use the API key. Unrestricted use of overly permissive roles increases the risk of store attacks through leaked login credentials.

  6. Click Generate.

  7. Click Copy to copy the API token to the clipboard. This secret will only be displayed once. Save it in a safe place. At this step, the key is already active and available for use.

  8. Click Close.

Editing generated keys

Follow the steps below to change an API key:

  1. In the top bar of the VTEX Admin, click your profile avatar — indicated by the first letter of your email — and then click Account Settings > API Keys.
  2. Make sure you are in the Generated tab.
  3. In the row of the desired API key, click the kebab menu (⋮) and then Edit.
  4. Apply the desired changes from the options below:
  • Change the role selection associated with the API key.
  • Check or uncheck the Activate option to deactivate or activate the generated key.
  1. Click Save.

Deactivating or activating generated keys

If an API that has access to your account is compromised, you should immediately revoke its access to your account. You can generate a new key to replace the previous one if necessary.

If you make a mistake, you can reactivate the API key to reestablish the impacted integration.

Follow the steps below to change an API key:

  1. In the top bar of the VTEX Admin, click your profile avatar — indicated by the first letter of your email — and then click Account Settings > API Keys.

  2. Make sure you are in the Generated tab.

  3. In the row of the desired API key, click the kebab menu (⋮) and choose one of the following actions:

    • Deactivate: If the key is active, click Deactivate to deactivate it. This action will interrupt integrations using the key, so use it with caution. You need to click Deactivate again to confirm the action.
    • Activate: If the key is inactive, click Activate to activate it.

You should only reactivate an API key if you are sure it has not been compromised. Anyone with the associated API token can access your account when the key is active.

Renewing tokens

The token associated with an API key is only valid during the period set when configuring the duration of API keys. You must renew the API token before it expires to maintain continuous access to resources and guarantee security.

To do this, follow the instructions described in Renewing API tokens.

Deleting keys

API keys that will no longer be used can be deleted. By deleting these keys, you can keep the list organized and make it easier to manage the keys in use.

Ensure the API key is no longer in use by any integration before deleting it. This action cannot be undone.

To delete an API key permanently, follow the steps below:

  1. In the top bar of the VTEX Admin, click your profile avatar — indicated by the first letter of your email — and then click Account Settings > API Keys.
  2. Make sure you are in the Generated tab.
  3. In the row of the desired API key, click the kebab menu (⋮) and then Delete Key.
  4. Check the option I understand that this action cannot be undone.
  5. Click Delete to confirm.

Learn more

Contributors
2
Photo of the contributor
Photo of the contributor
+ 2 contributors
Was this helpful?
Yes
No
Suggest Edits (GitHub)
Introduction to VTEX
Next »
Contributors
2
Photo of the contributor
Photo of the contributor
+ 2 contributors
On this page
Still got questions?
Ask the community
Find solutions and share ideas in the VTEX community.
Join our community
Request support from VTEX
For personalized assistance, contact our experts.
Open a support ticket
GithubDeveloper portalCommunityFeedback