API Key Authentication
This method is exclusively for customers,if you are current or future partner you will need to create an OAuth app to use our API endpoints.
Using an API key is a way outside of the OAuth. flow to gain access to the Salesloft Public API. API Keys can be used to access the API on behalf of the issuing user.
Provisioning an API Key
You can create apps via your Salesloft Account →Your Applications →API Keys → Create New.

Input a descriptive name that will help you identify your key, then select the scopes you need this API key to have, and click Save. The Save button will remain disabled until you select at least one scope. The next screen will show your assigned key.

Our API Keys take the form "ak" followed by a 64 character hexadecimal string:
ak_de656ec86bcab24878c24ff4d86758f8963d8ea6bcd4e90f8fae846ba8f9ac62
You can go to Salesloft Account →Your Applications →API Keys to see all of the keys associated with your user.
Protecting an API Key
API Keys function like logins, so keep them protected and never use them in publicly accessible code, like front end applications.
Protecting an API Key is extremely important for reasons such as:
- Unauthorized API requests: if someone has your API Key they can impersonate and make requests or delete your information without your knowledge or permission
In order to protect you and your organization here are some things to keep in mind:
- Never use or hard code them in publicly accessible code, like front end applications.
- Use environment variables(env) or .gitignore file to store your API keys
- Consider using a key management service
Editing an API Key
To edit an API key, you can go to Salesloft Account →Your Applications →API Keys and you will find an Edit button next to each API key associated to your user.
You can edit the name of the API key and the scopes that are associated to it.
Revoking an API Key
You can go to Salesloft Account →Your Applications →API Keys to see all of the keys associated with your user and click Delete for the one that you want to revoke/delete.
Authorizing Requests
All requests that go to the Salesloft API using API Keys will need to follow the HTTP Authorization Header format below:
Authorization: Bearer YOUR_API_KEY