All systems operational

API Access & Keys

IntegrationsAvailable

DevSphere OS provides a read API for programmatic access to your data, secured by organization-scoped API keys. Today the public API exposes read access to your leads and invoices.

#Purpose

Issue and manage API keys so external systems can securely read your DevSphere OS data.

#When to use this

When you need to connect an external system or script that reads your leads or invoices.

#At a glance

DetailValue
Required permissionsManage API keys (CEO or admin only)
Administrator levelCEO / Admin
Portal areas usedSettings (API keys), Public API (v1)

#Workflow

1
Create key
Name + scopes.
2
Copy secret once
Shown a single time.
3
Authenticate
Bearer token.
4
Call the API
Read your data.

#Step by step

1

Open API keys

Go to Settings and open the API keys area (admin only).
2

Create a key

Give the key a clear name and select the scopes it needs — for example leads:read or invoices:read.
3

Copy the secret now

The key is shown only once and begins with dvs_live_. Copy it immediately and store it in a secure secrets manager.
4

Authenticate requests

Send the key as an Authorization: Bearer header when calling the v1 API.
5

Rotate or revoke as needed

Rotate a key to replace it, or revoke it to stop it working immediately.

#Approval points

No formal approval gate

This administrative action does not require a separate sign-off, but review carefully before applying changes.

#Security notes

Security considerations

  • Keys are shown once and stored only as a hash — neither DevSphere OS nor platform staff can recover a lost key. If a key is lost or exposed, rotate or revoke it and issue a new one.
  • Grant each key the narrowest scopes it needs.
  • Revoke unused or exposed keys immediately.
  • API requests are rate-limited (about 120 requests per minute per key) and logged.

#Best practices

  • Use one key per integration so you can revoke it independently.
  • Assign least-privilege scopes.
  • Rotate keys periodically.
  • Never embed keys in client-side or public code.

#Common mistakes

  • Not copying the one-time secret before leaving the screen.
  • Granting more scopes than the integration needs.
  • Committing a key to source control.

#Troubleshooting

If this happensTry this
401 invalid_api_keyThe key is wrong, revoked, or expired — reissue or rotate it and update your integration.
403 insufficient_scopeThe key lacks the required scope; create a new key with the needed scope.
429 rate_limitedYou are sending too many requests; slow down (about 120 per minute per key).

#FAQ

What can the API access today?

Read access to your leads and invoices. Keys carry scopes that control access, and the API expands over time.

Can platform staff read my keys?

No — keys are stored only as a hash, scoped to your organization; they cannot be read back after creation.

Who can manage API keys?

Only a CEO or admin can create, rotate, or revoke keys.

#Keep exploring

#Business modules & workflows

Still need help?

Can’t find what you’re looking for? The DevSphere OS team is happy to help.