Creating and Managing API keys

With the ChartMogul API, you can connect to other applications and services to import billing data, add custom attributes, or even share subscription metrics outside your organization — just to name a few. Learn more about our API.

The first step with setting up API access to subscription data and analytics is to create an API key. ChartMogul allows you to create multiple API keys, and we strongly encourage you to use a separate key for each external application or service you connect to ChartMogul.

For example, you import billing data for customers who pay outside your billing system and share your ChartMogul subscription analytics on an external dashboard. You should create a separate API key for each of these integrations. This way, if you need to revoke access to one integration, you won’t disrupt access to the other. Please read our recommendations on securing API keys carefully before getting started.

You’ll also use API keys — with the help of QR codes — to access key SaaS metrics using the ChartMogul mobile app.

Here’s what we cover in this article:

  1. Securing your API keys
  2. Creating an API key
  3. Managing API keys
  4. Working with API keys

Resources and further reading:

Securing your API keys

Each API key provides external access to your ChartMogul subscription data and analytics. As such, we strongly encourage you to keep your API keys secure. Here are a few best practices:

  • Create separate API keys for each application, service, and mobile device you connect to ChartMogul.
  • Set the Access Type to Read-only unless your integration requires read and write access to your data.
  • Periodically regenerate keys to limit the impact of a key that has been accidentally shared or leaked. Similarly, delete API keys you no longer need or use.
  • Don’t embed keys directly in code nor store them in files inside your app’s source tree.
Each time you create, update, or delete an API key, ChartMogul sends an email notification to the user associated with the key and account admins.

Creating an API key


Create an API key by navigating to  Profile > View Profile. Then:

  1. Under API Keys, select New API Key.
  2. Enter a unique name for the key in the Name field.
  3. If you’re an Admin, set the Access Type to either Read-only or Read & Write.
  4. Click Add to create the key.

Click Reveal Key to see the actual key and the Copy icon to copy it to your clipboard.

Managing API keys

You’ll need to be an Owner or Admin to manage API keys for other users. Read more about user roles and permissions.

View and manage API keys by navigating to  Profile > Admin > API Access Manager.

Screenshot of the API Access Manager table, as described here, with various example API keys

There, you’ll find the API Access Manager table with the following details:

  • Name — the name given to the API key when it was created
  • Access Level — the type of access granted, either Read-only or Read & Write
  • User — the user the API key belongs to
  • Created — the date the API key was created
  • Role — the user’s role
  • Status — the API key’s current status, either Active or Disabled

Click the Gear icon to disable, enable, or delete an API key.

Working with API keys

Admins and Owners can manage API keys for other users using the API Access Manager.

After creating an API key, there are several actions you may want to perform, such as revealing the key, regenerating the key, or disabling/enabling/deleting the API key. We cover how to perform each of these in the following sections.

Start by finding your API key. Navigate to  Profile > View Profile and locate the key in the API Keys table.

Revealing an API key

Click Reveal Key to see the actual key and click the Copy icon to copy it to your clipboard.

Editing an API key

To change an API key’s name, click the Gear icon. In the Edit API Key pop-up, change the Name as needed. Then click Update.

Regenerating an API key

This action is permanent and cannot be undone.

Regenerating an API key revokes API access by having ChartMogul generate a new key. You should regenerate keys both periodically and any time you suspect a key has been compromised.

Click the Gear icon. In the Edit API Key pop-up, click Regenerate.

Disabling an API key

Disabling an API key temporarily (but not irreversibly) stops its API access and is useful when auditing which keys are still in use and when you suspect a key has been compromised.

Click the Gear icon. In the Edit API Key pop-up, click Disable Key.

Deleting an API key

This action is permanent and cannot be undone.

Deleting an API key permanently stops its API access. Delete API keys when you no longer need them.

Click the Gear icon. In the Edit API key pop-up, click Delete Key.

Was this article helpful?