API access

API access is how external systems integrate with TraceUnified programmatically. Rather than everything happening through the interface, an API lets your other tools read and write data — and access to that API is governed by API keys managed here.

Creating an API key

You create a key with a name that identifies its purpose, and it’s given a key prefix so you can recognize it later. The full key is shown once, at creation — you copy it then, because for security it isn’t displayed again. A key can be given a project scope, limiting what it can reach, so an integration built for one project can’t act across your whole organization.

Using a key

A request authenticates by including its API key, as described in the API documentation linked from this area. Treating keys as secrets — scoped narrowly and stored securely by the integrating system — is what keeps programmatic access as controlled as interactive access.

Revoking access

Any key can be revoked. If a key is no longer needed, or might be compromised, revoking it immediately cuts off the access it granted without affecting other keys or users. Because each integration uses its own named key, you can retire one without disrupting the rest — and a revoked key is marked as such, so the history of what was issued and withdrawn is clear.

Integration, governed

API access extends the platform’s reach to your wider toolchain while keeping that reach accountable: named, scoped, revocable keys mean programmatic access is as governed as everything else. Together with data import, it completes how TraceUnified connects to the systems around it.