Settings / Setup

API Keys

Use API keys when an external tool needs access to your Clockspot workspace.

No login required. Opens in one click.

Clockspot API Keys screen. Manage API keys for external tools and integrations to access your workspace.
Open a no-login Clockspot demo with time entries, edits, approvals, and payroll-ready records.

Generating a key

Press Generate Key in the page header, name it descriptively, and press Generate. The new key value appears once. Copy it before closing the dialog, because you cannot view the full key again later.

Store the copied key wherever the connected tool expects it, and keep your own record of which tool uses it.

Identifying keys

The key list shows:

  • Name — the label you gave the key when generating.
  • Hint — the last few characters of the key, so you can match a row here against the value stored in your secrets manager.
  • Last Used — when the key last made a request. Useful for spotting abandoned keys.
  • Created — when the key was generated.

Rotating keys

Best practice: rotate periodically, and any time someone with access leaves.

  1. Generate a new key.
  2. Update the integration to use the new key.
  3. Confirm the integration works.
  4. Revoke the old key.

Revoking

Revoke in the row menu, or as a bulk action after selecting rows, disables a key immediately. Any tool using that key stops authenticating with Clockspot.

Common questions

I lost the key value. Generate a new key. The old value can't be recovered — by design.

Can two integrations share one key? Use one key per connected tool when you can. That makes rotation and revocation easier to reason about later.

How do I tell which integrations use which keys? The Name and Hint columns are the only signals. Naming keys descriptively at generation time is the simplest way to keep track.