This feature is in closed beta, so only selected clients can access it now. If you are interested in implementing it in the future, please contact our Support team.

Internal API keys are credentials generated in and managed by your VTEX account. This means you should have access to all pairs of API keys and tokens, which is akin to usernames and passwords for API integrations.

The Generated tab lists the API keys created by your account.

The page displays the following information in a table:

Column	Description
Key/Name	API key, followed by the name defined when creating the key.
Token duration	Duration of the API token.
Roles	Roles associated with the API key.
Created date	API key created date.
Status	API key status, which can be Active or Inactive.

This page allows you to:

• Generate keys
• Edit generated keys
• Deactivate or activate generated keys
• Renew tokens
• Delete keys

Follow the instructions below to create a new API key:

1. In the top bar of the VTEX Admin, click your profile avatar — indicated by the first letter of your email — and then click Account Settings > API Keys.

2. Make sure you are in the Generated tab.

3. Click + Generate Key.

4. Complete the Key identification field with a name to identify the API key. This field is required.

5. Select the roles that will be associated with the key. By default, no role is pre-selected.

   Select only the roles required for the integration that will use the API key. Unrestricted use of overly permissive roles increases the risk of store attacks through leaked login credentials.

6. Click Generate.

7. Click Copy to copy the API token to the clipboard. This secret will only be displayed once. Save it in a safe place. At this step, the key is already active and available for use.

8. Click Close.

Follow the steps below to change an API key:

1. In the top bar of the VTEX Admin, click your profile avatar — indicated by the first letter of your email — and then click Account Settings > API Keys.
2. Make sure you are in the Generated tab.
3. In the row of the desired API key, click the kebab menu (⋮) and then Edit.
4. Apply the desired changes from the options below:

• Change the role selection associated with the API key.
• Check or uncheck the Activate option to deactivate or activate the generated key.

5. Click Save.

If an API that has access to your account is compromised, you should immediately revoke its access to your account. You can generate a new key to replace the previous one if necessary.

If you make a mistake, you can reactivate the API key to reestablish the impacted integration.

Follow the steps below to change an API key:

1. In the top bar of the VTEX Admin, click your profile avatar — indicated by the first letter of your email — and then click Account Settings > API Keys.

2. Make sure you are in the Generated tab.

3. In the row of the desired API key, click the kebab menu (⋮) and choose one of the following actions:

   • Deactivate: If the key is active, click Deactivate to deactivate it. This action will interrupt integrations using the key, so use it with caution. You need to click Deactivate again to confirm the action.
   • Activate: If the key is inactive, click Activate to activate it.

The token associated with an API key is only valid during the period set when configuring the duration of API keys. You must renew the API token before it expires to maintain continuous access to resources and guarantee security.

To do this, follow the instructions described in Renewing API tokens.

API keys that will no longer be used can be deleted. By deleting these keys, you can keep the list organized and make it easier to manage the keys in use.

Ensure the API key is no longer in use by any integration before deleting it. This action cannot be undone.

To delete an API key permanently, follow the steps below:

1. In the top bar of the VTEX Admin, click your profile avatar — indicated by the first letter of your email — and then click Account Settings > API Keys.
2. Make sure you are in the Generated tab.
3. In the row of the desired API key, click the kebab menu (⋮) and then Delete Key.
4. Check the option I understand that this action cannot be undone.
5. Click Delete to confirm.

• API Keys (Beta)
• Configuring the duration of API keys (Beta)
• External keys (Beta)