Getting StartedAPI Keys Setup

API Keys Setup

Learn how to generate, manage, and secure your ChumiAI Developer API Keys. API keys allow you to integrate ChumiAI features directly into your own applications, websites, or e-commerce platforms.

Generating an API Key

To create a new API key, follow these steps:

  1. Log in to the ChumiAI Client Portal.
  2. Navigate to Settings > Developer Settings > API Keys.
  3. Click Create New Key.
  4. Give your key a descriptive name (e.g., "Shopify Sync" or "Mobile App Messaging").
  5. Select the required Scopes (Permissions) for your use case.
  6. Click Generate.

Critical Security Notice

Copy and save your API key immediately after generation. For security reasons, it will only be shown once and cannot be retrieved later.

Understanding Scopes

Scopes define what your API key is allowed to do. When creating a key, only grant the permissions you actually need. Available scopes include:

| Scope | Description | | :--- | :--- | | whatsapp:send | Send WhatsApp messages and templates | | whatsapp:read | Read conversations and message history | | contacts:read | Read contact and group data | | contacts:write | Create and update contacts | | products:read | Read product catalog data | | products:write | Create and update products | | templates:read | List available message templates |

Tip

You can create multiple API keys with different scopes for different integrations. For example, a read-only key for analytics and a write key for your messaging service.

Managing Your Keys

You can view and manage all your API keys from the Developer Settings page in the Client Portal.

Viewing Active Keys

The API Keys table shows each key's:

  • Name — the descriptive label you gave it
  • Created date — when the key was generated
  • Last used — when the key was last used in an API request
  • Scopes — which permissions the key has
  • Status — whether the key is active or revoked

Revoking a Key

If a key is compromised or no longer needed, revoke it immediately:

  1. Go to Settings > Developer Settings > API Keys.
  2. Find the key in the list.
  3. Click the Revoke button.
  4. Confirm the action.

Warning

Revoking a key is permanent and takes effect immediately. Any integration using that key will stop working.

Best Practices

Follow these guidelines to keep your API keys secure:

  • Never expose keys in client-side code — HTML and JavaScript can be inspected by anyone. Only use API keys in server-side environments.
  • Use restricted scopes — Minimize the blast radius if a key is compromised by only granting the permissions you need.
  • Rotate your keys regularly — Periodically generate new keys and revoke old ones as part of your security policy.
  • Revoke unused keys — Remove any API keys that are no longer in use from the dashboard immediately.
  • Use environment variables — Store API keys in environment variables, never hardcode them in your source code.
Example .env file
# .env (never commit this file)
CHUMIAI_API_KEY=chumi_sk_live_abc123...

Next Steps