API Keys

API keys allow programmatic access to the Squirrel backend. They are used to authenticate requests made outside the browser UI (e.g., scripts, integrations, or other tools). Each key carries independent read and/or write permissions.

Admin only — the API Keys page is only visible when admin mode is enabled.

Accessing the API Keys Page

1. Enable admin mode using the toggle in the sidebar.
2. Click Manage API Keys in the sidebar (under the admin section).

The page shows a table of all existing keys with their status, permissions, and available actions.

Creating an API Key

1. Click the Create Key button in the top-right corner of the page.
2. Enter an Application Name to identify what the key will be used for.
3. Check at least one permission:
4. Read Access — allows read operations
5. Write Access — allows write operations
6. Click CREATE.

Copying Your Token

After the key is created, the generated token is displayed once. You must copy it immediately — it will not be shown again.

• Click the copy icon to copy the token to your clipboard.
• Store it somewhere secure, such as a password manager.
• Click I'VE COPIED MY KEY to dismiss the dialog.

If you lose the token, you will need to deactivate the key and create a new one.

Deactivating a Key

In the API Keys table, click the Deactivate button in the Actions column for the key you want to revoke. The key's status will change to Inactive and it will no longer authenticate requests.

Deactivation is permanent — a deactivated key cannot be re-activated.

Bootstrap Key

If no API keys exist yet, a Bootstrap Key option is available. This creates an initial key so you can get started without needing an existing key to authenticate.

API Key Error Banner

If Squirrel detects that the configured API key is missing or invalid, a banner appears at the top of the page:

API KEY INVALID OR EXPIRED

Navigate to the API Keys page to create a new key or verify that a valid key is in use.