Skip to main content

Generate API Key

1

Navigate to API Keys

Click on API Keys in the breadcrumbs at the top left corner of the page. Your organization name is a dropdown menu.
2

Add a new API key

Click on the “Add API Key” button to open the creation modal.
3

Configure your API key

  1. Give your API key a descriptive label (e.g., “GitHub Integration”, “PostHog”, “Slack”)
  2. Configure Workspace Access — this controls access to data inside a Workspace (surveys, responses, contacts, webhooks, and so on):
    • Add each Workspace this key should reach by clicking “Add Permission”
    • Choose the permission level for each (read, write, or manage)
    • There is no “all Workspaces” option — a key can only reach the Workspaces you add here
  3. Configure Organization Access — this controls organization administration (members and teams) and does not grant access to Workspace data:
    • Set read and/or write access as needed
4

Copy your key

After creating the key, you’ll see the API key value displayed once. Copy it immediately and store it in a secure location. For security reasons, you won’t be able to view the complete API key again.
Store your API key safely! Anyone who has your API key has access based on the permissions you’ve granted. For security reasons, the complete API key value cannot be viewed again after creation.

API Key Access Scopes

An API key has two independent access scopes. They control different families of endpoints and do not overlap:
ScopeWhat it grantsExample endpoints
Workspace Access (per Workspace: read / write / manage)Access to data and configuration inside the selected Workspaces/api/v2/management/surveys, /responses, /contacts, /webhooks
Organization Access (read / write)Organization administration only/api/v2/organizations/{organizationId}/users, /teams, /api/v2/me
Organization Access is not a shortcut for “all Workspaces”. It only grants access to organization-administration endpoints (members and teams). To read or write survey and response data, add each Workspace explicitly under Workspace Access. A key with only Organization Access and no Workspaces cannot access any Workspace data.
Access scopes are fixed when the key is created. Afterwards you can only rename the key’s label — to change its Workspaces or permissions, delete the key and create a new one.
On Formbricks Cloud, organization user-management endpoints (creating and updating members) are not available. Organization Access is primarily intended for self-hosted instances.

Delete API Key

If you need to revoke access for an API key:
  1. Go to Settings → Organization → API Keys page
  2. Find the key you wish to revoke and click the trash icon
  3. Confirm the deletion in the dialog that appears
Your API key will stop working immediately after deletion.

API Key Permission Levels

API Keys have three permission levels that can be assigned per Workspace:
  • Read: Can only perform read operations (GET requests)
  • Write: Can perform read and write operations (GET, POST, PUT, PATCH requests)
  • Manage: Has full access including delete operations (all request types)
These permission levels apply to Workspace Access. Organization Access is separate: it uses read/write access for organization administration only. See API Key Access Scopes for how the two scopes differ.