Create and manage API keys
Admin
API keys give external tools — spreadsheets, reporting dashboards, scheduling software — read or write access to your StandShare organization data without sharing your login credentials. Each key carries only the permissions you explicitly grant, so a key used for read-only reporting cannot accidentally modify your events or family accounts.
This guide covers how to create keys, choose the right permission scopes, and revoke keys that are no longer needed.
Access API key management
- Sign in as an Admin.
- Navigate to Settings in the sidebar.
- Select the API Keys tab.
You must have the api_tokens.create permission to create new keys. Admins have this by default.
Create a key
- On the API Keys tab, select Create Key.
- Fill in the key details:
  - Name (required) — A label to identify what this key is used for, such as "Reporting Dashboard" or "Season Roster Export." You will see this name in the key list.
  - Description (optional) — A note about the specific tool or integration using this key.
  - Expiration (optional) — A date after which the key will automatically stop working. Leave blank for a key that does not expire. Use expiration for temporary integrations or contractor access.
- Select the permission scopes for this key (required — at least one scope must be selected). See Permission scopes below.
- Select Create Key.
Copy your key immediately
After creation, StandShare displays the full key value once. It is never shown again.
Copy your key and store it somewhere safe — a password manager or your integration's configuration — before closing this dialog. If you lose the key value, you will need to create a new one. There is no "show key" option after this point.
The key is displayed in the format ss_live_ followed by a long string of characters. This full value is what you enter in your external tool.
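One way to catch a key that ended up hard-coded in a script or repository instead of a password manager, as an added example that is not StandShare code: a scanner for the ss_live_ prefix that reports only a masked prefix. The character set, the 16-character minimum, the STANDSHARE_API_KEY variable name and the sample files are assumptions constructed for illustration.

```python
import re

# Assumption: the page documents only the "ss_live_" prefix followed by "a long
# string of characters"; the character set and 16-character minimum are guesses.
KEY_RE = re.compile(r"\bss_live_[A-Za-z0-9_-]{16,}")
PREFIX = "ss_live_"

def mask(key, visible=4):
    """Return the prefix plus a few characters so reports never repeat the secret."""
    return key[:len(PREFIX) + visible] + "..."

def scan_text(source, text):
    """Return (source, line_number, masked_key) for every key-shaped string."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            findings.append((source, lineno, mask(match.group())))
    return findings

# Constructed sample files; the key value is made up and matches no real key.
# STANDSHARE_API_KEY is a hypothetical environment variable name.
SAMPLES = {
    "dashboard/config.py": (
        "import os\n"
        "API_KEY = os.environ['STANDSHARE_API_KEY']  # read at runtime: not flagged\n"
    ),
    "export/roster.sh": (
        "#!/bin/sh\n"
        "KEY=ss_live_Zk3v9QpLm27xTtYa04Bn  # hard-coded: flagged\n"
    ),
    "README.md": "Keys look like ss_live_ followed by a long string.\n",
}

def scan_samples():
    """Scan every constructed sample and collect the findings in file order."""
    results = []
    for source, text in SAMPLES.items():
        results.extend(scan_text(source, text))
    return results

if __name__ == "__main__":
    for source, lineno, masked in scan_samples():
        print(f"{source}:{lineno}: StandShare key {masked} found, revoke and replace it")
```

A key found this way should be treated as exposed: create a replacement, switch the tool over, then revoke the old key.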
Permission scopes
Scopes control exactly which parts of your StandShare data the key can access. A key can only be granted scopes that your own account has — you cannot use a key to grant more access than you personally hold.
Scopes are organized into groups. Select only the scopes your integration actually needs.
| Group | Scope | What it allows |
|---|---|---|
| Billing | View Billing | Read billing and subscription information |
| Billing | Manage Billing | Update billing settings |
| Documents | Upload Documents | Upload documents on behalf of users |
| Documents | View All Documents | Read all organization documents |
| Events | View Events | List and read event details |
| Events | Create/Edit Events | Create new events and edit existing ones |
| Events | Delete Events | Permanently delete events |
| Events | Assign Workers | Add workers to event shifts |
| Events | Manage Roster | Edit the worker roster for events |
| Events | Record Attendance | Mark workers as attended or no-show |
| Events | Enter/Edit Commission | Set or update commission amounts |
| Events | Settle Events | Run event settlement |
| Events | Reverse Settlement | Undo a completed settlement |
| Families | View All Accounts | Read all family account records |
| Families | View All Transactions | Read transaction history for all families |
| Families | Create/Delete Accounts | Add or remove family accounts |
| Families | Edit Accounts | Update family account details |
| Families | Add/Edit Transactions | Manually add or modify transactions |
| Families | Import Families | Bulk import family records |
| Funds | View Balances | Read fund balance totals |
| Funds | View Transactions | Read fund transaction history |
| Funds | Configure Rates | Update fund distribution rates |
| Funds | Export Reports | Download fund reports |
| Groups | View Groups | List and read group details |
| Groups | Manage Groups | Create, edit, and delete groups |
| Ledger | View Ledger | Read ledger entries |
| Ledger | Create Entries | Add new ledger entries |
| Ledger | Void Entries | Void existing ledger entries |
| Organization | Manage Organization | Full admin access to org settings |
| Scholarships | View Requests | Read scholarship applications |
| Scholarships | Approve/Deny | Approve or reject scholarship requests |
| Scholarships | Process Payments | Mark scholarship payments as sent |
| Users | View Users | List and read user records |
| Users | Manage Users | Edit user details and roles |
| Users | Invite Users | Send invitations to new users |
| Venues | View Venues | Read venue details |
| Venues | Manage Venues | Create and edit venues |
For a read-only reporting integration, select only "View" scopes — View Events, View All Accounts, View Balances, and so on. This limits the damage if the key is ever exposed.
View your keys
The API Keys tab shows two sections:
- Active Keys — Keys that are currently usable. Each row shows the key name, status badge, the first few characters of the key (a prefix), when it was created, when it was last used, and its expiration date (if set). The assigned scopes are listed as tags below each key.
- Revoked / Expired — Keys that no longer work, shown with reduced opacity for historical reference.
Revoke a key
Revoking a key immediately and permanently cancels it. Any tool using the key will receive an authorization error the next time it makes a request.
- Find the key in the Active Keys section.
- Select Revoke next to the key.
- Confirm in the dialog.
Revoking a key cannot be undone. If a tool is actively using the key, it will stop working immediately. Create a replacement key before revoking the old one if you need to maintain continuous access.
Revoked keys remain visible in the Revoked / Expired section with a strikethrough on the name. They are kept for audit purposes.
Key security practices
- Use one key per integration — Give each tool its own key so you can revoke access for one tool without affecting others.
- Use minimal scopes — Grant only the permissions the integration actually needs. A reporting dashboard should not have "Settle Events" or "Reverse Settlement."
- Set expiration dates for temporary access — If you give a contractor a key, set it to expire when their engagement ends.
- Revoke unused keys promptly — Review your active keys periodically and revoke any that are no longer in use.
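The periodic review described above can be run as a script over a hand-kept inventory of your keys. This is an added example, not a StandShare feature or export format: the record layout, the read_only and temporary annotations, the 90-day threshold and the sample data are all assumptions.

```python
from datetime import date

STALE_AFTER_DAYS = 90  # assumption: the page does not set a review interval

def review_key(key, today):
    """Check one key record against the practices listed above."""
    issues = []
    if key["read_only"]:
        extra = [s for s in key["scopes"] if not s.startswith("View")]
        if extra:
            issues.append("non-View scopes on read-only key: " + ", ".join(extra))
    if key["temporary"] and key["expires"] is None:
        issues.append("temporary access with no expiration date")
    last_seen = key["last_used"] or key["created"]  # never-used keys age from creation
    if (today - last_seen).days > STALE_AFTER_DAYS:
        issues.append("unused for more than %d days" % STALE_AFTER_DAYS)
    return issues

def review_inventory(keys, today):
    """Map key name -> issues, leaving out keys that pass every check."""
    report = {k["name"]: review_key(k, today) for k in keys}
    return {name: issues for name, issues in report.items() if issues}

def key(name, scopes, created, last_used, expires=None, read_only=False, temporary=False):
    """Build one inventory record (hypothetical layout)."""
    return dict(name=name, scopes=scopes, created=created, last_used=last_used,
                expires=expires, read_only=read_only, temporary=temporary)

# Constructed inventory, as if copied by hand from the Active Keys list.
# read_only and temporary are the reviewer's own annotations, not StandShare fields.
INVENTORY = [
    key("Reporting Dashboard", ["View Events", "View Balances", "Settle Events"],
        date(2025, 1, 10), date(2025, 6, 1), read_only=True),
    key("Contractor Import", ["Import Families"],
        date(2025, 5, 20), date(2025, 6, 10), temporary=True),
    key("Season Roster Export", ["View Events", "View Users"],
        date(2024, 9, 1), date(2025, 1, 15), read_only=True),
    key("Scheduling Sync", ["View Events", "Assign Workers"],
        date(2025, 3, 1), date(2025, 6, 14), expires=date(2025, 12, 31)),
]

if __name__ == "__main__":
    for name, issues in review_inventory(INVENTORY, date(2025, 6, 15)).items():
        for issue in issues:
            print(f"{name}: {issue}")
```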
Next Steps
- Permission Matrix — Full list of permissions and which roles hold them
- Roles and Permissions — How the permission system works
- Configure Settings — Other organization-wide settings