API Key Setup

API keys let external systems connect to your YardPilot account securely.

What Is an API Key?

An API key is like a password that your website or application uses to send data to YardPilot. It identifies your company and ensures only authorised systems can create requests in your account.

Example key format: ypk_live_abc123xyz789...

Generating an API Key

1. Go to Settings → API Keys
2. Click + New API Key
3. Enter a name for the key (e.g., "Website Contact Form")
4. Click Generate
5. Copy the key immediately - it's only shown once

Important

Your API key is displayed only once when created. Copy it immediately and store it securely. If you lose it, you'll need to generate a new one.

Key Types

Live Keys

• Prefix: ypk_live_...
• Creates real requests in your dashboard
• Use for production websites

Test Keys

• Prefix: ypk_test_...
• Creates records marked with an orange TEST badge
• Test records are hidden by default from all list views
• No notifications or emails sent to your team
• Use for development and verifying your integration works

Viewing Test Records

Test records require Developer Mode to be enabled. See Developer Mode for setup instructions.

Managing Keys

Viewing Keys

Go to Settings → API Keys to see all your keys:

Column	Description
Name	The label you gave the key
Key Prefix	First 8 characters (for reference)
Created	When the key was generated
Last Used	Most recent API request
Status	Active or Revoked

Revoking Keys

If a key is compromised or no longer needed:

1. Go to Settings → API Keys
2. Find the key
3. Click Revoke
4. Confirm the action

Cannot Be Undone

Revoking a key is permanent. Any integrations using that key will stop working immediately.

Rotating Keys

Best practice is to rotate (replace) your keys periodically:

1. Generate a new key
2. Update your website/integration to use the new key
3. Test that everything works
4. Revoke the old key

Security Best Practices

Do's

• Store keys securely - Use environment variables or secure key management
• Use descriptive names - "Website Contact Form" is better than "Key 1"
• Rotate regularly - Replace keys every 6-12 months
• Use test keys for development - Never test with live keys

Don'ts

• Never share keys publicly - Don't post them in forums or public code repositories
• Never embed in frontend code - Keys visible in JavaScript can be stolen
• Never email keys - Use secure channels only

Rate Limits

Each API key has usage limits to prevent abuse:

Limit	Value
Requests per hour	50
Images per request	10

If you need higher limits, contact YardPilot support.

Troubleshooting

"Invalid API key" Error

• Check you're using the correct key (live vs test)
• Verify the key hasn't been revoked
• Ensure the full key is included (no spaces or missing characters)

"Rate limit exceeded" Error

• You've exceeded 50 requests per hour
• Wait for the rate limit to reset (shown in Retry-After header)
• Consider batching requests or reducing frequency

Key Not Working After Creation

• Ensure you copied the complete key
• Check for extra spaces at the start or end
• Verify you're using the correct key type (live ypk_live_... vs test ypk_test_...)

Next Steps

Now that you have an API key:

• Set up work requests - Connect your contact form
• Create quotes via API - Build a quote calculator