1. Home
  2. Help Center
  3. Organization
  4. Developer API Keys

Developer API Keys

What are Developer API Keys?

Developer API keys allow you to integrate Appgram with your applications, automation tools, MCP servers, and external services. Each key provides secure, authenticated access to Appgram's API with customizable permission scopes.

Creating an API Key

  1. Navigate to Organization Settings → Developer
  2. Click Create API Key
  3. Enter a descriptive name for your key (e.g., "Mobile App Integration", "MCP Server")
  4. Select the appropriate scope template or configure custom scopes
  5. Optionally, select a specific project to scope the key
  6. Click Create

Important: Copy your API key immediately after creation. For security reasons, the full key is only shown once and cannot be retrieved later.

Scope Templates

Appgram provides pre-configured scope templates for common use cases:

Apps / SDK (Project-scoped)

Read-only access ideal for mobile or web app integrations:

  • View wishes, roadmap, releases
  • View help center, status pages
  • View forms, surveys, blog

MCP Server (Project-scoped)

Full management access for MCP integrations:

  • Manage wishes, roadmap, releases
  • Manage help center, status pages
  • Manage forms, surveys, support
  • View analytics
  • Manage blog posts

Read Only (Organization-wide)

View-only access across all organization features.

Admin (Organization-wide)

Full management access to all features except billing.

Full Access (Organization-wide)

Complete owner-level access including billing.

Project-Scoped vs Organization-Scoped Keys

Project-Scoped Keys

When you select a specific project during key creation, the API key will only have access to that project's data. This is recommended for:

  • Mobile/web app integrations
  • Project-specific MCP servers
  • Third-party service integrations

Organization-Scoped Keys

Keys without a project selected have access to all projects in your organization. Use these for:

  • Admin dashboards
  • Cross-project automation
  • Organization-wide reporting

Using Your API Key

Include your API key in the x-api-key header of your requests:

x-api-key: YOUR_API_KEY

Example cURL request:

curl -X GET "https://api.appgram.dev/api/v1/projects" \
  -H "x-api-key: ag_xxxxxxxxxxxxxxxxxxxxxxxx"

Managing API Keys

Viewing Keys

All your API keys are listed in Organization Settings → Developer. You can see:

  • Key name and creation date
  • Assigned scopes
  • Project scope (if applicable)
  • Last used timestamp

Revoking Keys

To revoke an API key:

  1. Go to Organization Settings → Developer
  2. Find the key you want to revoke
  3. Click the Delete button
  4. Confirm the deletion

Warning: Revoking a key immediately invalidates it. Any applications using that key will lose access.

Security Best Practices

  • Use minimal scopes: Only grant the permissions your integration actually needs
  • Use project-scoped keys: When possible, limit keys to specific projects
  • Rotate keys regularly: Periodically create new keys and retire old ones
  • Never expose keys: Don't commit API keys to version control or expose them in client-side code
  • Use environment variables: Store keys in environment variables or secure vaults
  • Monitor usage: Check the "last used" timestamp to identify unused keys

Rate Limits

API requests are rate-limited based on your subscription plan. If you exceed the rate limit, you'll receive a 429 Too Many Requests response. Implement exponential backoff in your integrations to handle rate limiting gracefully.

]]>