Each API integration used to connect your VTEX account with external systems will require creating an API key. For each key, an API token acts as a password for using that credential.
These authentication credentials ensure secure access to the data you want to share with these integrations without exposing your account to unauthorized users or applications.
For an API key to successfully make API requests to your account, it must be active and have roles specifying the account resources it can access.
Types of API keys
There are two types of API keys: internal and external. The type depends on which account creates, manages, and uses the credential.
Internal keys
Internal API keys are credentials generated in and managed by your VTEX account. This means you should have access to all pairs of API keys and tokens, which are akin to usernames and passwords for API integrations.
External keys
External API keys are credentials generated in and managed by other VTEX accounts. By adding roles to API keys — which are equivalent to usernames — provided by third parties, you can allow them to access specific resources in your account.
Managing API keys
The API Keys page in the VTEX Admin allows you to manage the API keys with access to your store. See the guides below for more details on the available actions and information on this page:
- Export API keys: Allows you to download a spreadsheet with details about both generated and external API keys.
- Settings: Allows you to define the period after which a token renewal will be recommended. When a token reaches the defined threshold, the interface will display an alert indicating that the token should be renewed. This setting applies to all API key tokens.
  Tokens don’t expire automatically after the set period. The setting only determines when the interface will suggest renewal.
- Generated keys: Allows you to manage API keys created and managed by your VTEX account.
- External keys: Allows you to manage API keys created and managed by other VTEX accounts, with access to specific resources in your account.
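Because the renewal period only triggers an alert in the interface, overdue tokens keep working until someone renews them. The following added example (not VTEX code) audits an exported key list for active generated keys whose token is older than a chosen limit. The column names and sample rows are assumptions constructed for illustration, since this page does not describe the spreadsheet layout.

```python
import csv
import io
from datetime import date

# Constructed sample export. The column names are assumptions for this example;
# map them to the headers of the spreadsheet your account actually downloads.
SAMPLE_EXPORT = """\
key_name,type,status,token_renewed_on
erp-sync,generated,active,2023-01-10
wms-connector,generated,active,2024-05-20
old-marketplace,generated,inactive,2021-03-02
legacy-import,generated,active,
partner-feed,external,active,
"""


def stale_tokens(export_csv, max_age_days, today):
    """Return (key_name, age_in_days) for active generated keys whose token is
    older than max_age_days. Keys with no recorded date come first (age None),
    then the rest from oldest to newest."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        # External keys are managed by the other account, so their tokens
        # cannot be renewed from this one.
        if row["type"].strip().lower() != "generated":
            continue
        # A key must be active to make API requests; skip disabled ones.
        if row["status"].strip().lower() != "active":
            continue
        renewed = row["token_renewed_on"].strip()
        if not renewed:
            # Unknown age is reported rather than silently passed.
            findings.append((row["key_name"], None))
            continue
        age = (today - date.fromisoformat(renewed)).days
        if age > max_age_days:
            findings.append((row["key_name"], age))
    return sorted(findings, key=lambda f: (f[1] is not None, -(f[1] or 0)))


if __name__ == "__main__":
    for name, age in stale_tokens(SAMPLE_EXPORT, 90, date(2024, 6, 1)):
        label = "no renewal date recorded" if age is None else f"{age} days old"
        print(f"{name}: {label}")
```

Running a check like this on a schedule turns the advisory threshold into something that is actually tracked.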
Requirements for managing API keys
To manage API keys, you must have the User Administrator - RESTRICTED role or a custom role with the following resources:
- View API Keys (view, filter, search for, sort, and export external and generated API keys)
- Edit API Keys (create, delete, change status and add or remove API key permissions)
- Renew API token (view and renew generated key tokens)
- Edit API Keys settings (configure the duration for generated key tokens)
Learn more about each resource in License Manager resources.