Finding and managing your API credentials

API credential management is only available to account admins and workspace managers.

Your API Keys are used to authenticate with our APIs and send data to your different Customer.io workspaces. It’s also good security practice to use different credentials for each integration and rotate these credentials regularly.

Track API Keys vs App API Keys

There are two types of API keys in each account.

Track API Keys

Track API keys are used to send behavioral tracking activity (/events and attribute updates) into your workspace. API requests using the https://track.customer.io/api/v1/ endpoint use these tracking API keys.

App API Keys

App API keys are used to trigger messages and broadcasts, or programmatically retrieve data from your workspace for analysis, troubleshooting, or reporting. API requests to https://api.customer.io/v1/api/ use App API Keys.

Because App API Keys can be used to trigger messages and access people attributes and delivery information, these keys are shown only once when created and stored as hashed values in Customer.io. Make sure to store these keys (and all API keys) in a safe and non-public location.

image.png
image.png

Restrict API access by IP Address

By default, access to the API is not restricted by IP address.

On the Manage API Credentials page, you can create an allow list. When you create an allow list, any addresses on the list with valid credentials can use the API. Addresses that are not on the list are denied access to the API, even with valid API keys.

To create an allow list:

  1. Go to the Manage API Credentials page.
  2. Click Add IP Address.
  3. Enter the IP Address you want to allow and the Workspace you want to grant access to.
  4. Click Add IP Address.
    IP address allowlist (allow list)
    IP address allowlist (allow list)

Repeat this process for the addresses you want to allow access to and the workspaces you want to grant each IP address access to.

Where can you find them?

You can find your API keys by navigating to Account Settings > API Credentials.

In this settings area, you can add new API credentials for any workspace, as well as see when all of your credentials were created and last used. You can also rename or delete/deprecate them should you need to.

image.png
image.png

Adding new credentials

Whenever you create a new workspace, we create a default set of “primary” API credentials for you. You cannot delete these until you create a new set. To do this, click the button to add a new set of credentials, then give them a name and select a workspace.

When you add them, you’ll be able to see them on your Integrations page for that workspace, and in the settings area.

Renaming or deleting existing credentials

You can rename or delete a set of credentials. Editing is just a matter of renaming and saving.

If you want to delete a set of credentials, we ask you to enter their name once more, just to be sure. Keep in mind that this cannot be undone, and that if any currently-running integrations use those credentials, you update those integrations before deleting!

Keep in mind that you need at least one set of Track API credentials for each workspace. If you only have one set left, we’ll let you know that you need to create a new one before you delete that set:

Choosing integration credentials

JavaScript snippet

When sending data to Customer.io for a given workspace, we give you the option of choosing which credentials you’d like to use. You can use the dropdown to select them for either the JavaScript snippet or the API:

image.png
image.png

Segment

If you’re connecting your Segment account to a Customer.io workspace and you have multiple key pairs, you need to select a set of API credentials to enable that connection:

image.png
image.png

Need help?

If you have any questions about API credentials in Customer.io, please let us know!

Copied to clipboard!