Help center Configure API Key

Learn how to generate and manage your API key for authenticating requests to the Rotation App API.

Who can configure API keys?
  • All Slack workspace users with access to rotations.
  • Each workspace has its own API key for authenticating API requests.

To use the Rotation App API, you need an API key for authentication. The API key must be included as an x-api-key header in all your API requests.

How to configure your API key

  1. Go to Rotation App’s Home tab
    Learn where to find Rotation App’s Home tab.

  2. Open the API & Workflows dialog
    Click the Configure API & Workflows button in the top-right corner of the Home tab.

  3. Access API configuration
    In the API & Workflows dialog, locate the API section and click the Configure API button.

  4. View your API key
    The Configure API Key dialog will display your current API key. By default, the key is partially masked for security.

  5. Copy your full API key (optional)
    Click Show full API key to reveal the complete key, then copy it for use in your applications.

Using your API key

Include your API key in the x-api-key header for all API requests:

curl -X GET "https://api.rotation.app/v1/t/<team_id>/r/<rotation_id>/get_on_call_user_ids" \
  -H "x-api-key: <api_key>"

Regenerating your API key

If you need to regenerate your API key (for security reasons or if it’s been compromised):

  1. Open the Configure API Key dialog (follow steps 1-3 above)

  2. Regenerate the key
    In the “Regenerate API Key?” section, click the Regenerate button.

  3. Update your applications
    ⚠️ Important: Regenerating will immediately invalidate your old API key. Make sure to update all applications and scripts that use the API with the new key.

Security best practices

  • Keep your API key secure: Treat it like a password and don’t expose it in client-side code or public repositories
  • Use environment variables: Store the API key in environment variables rather than hardcoding it in your applications
  • Regenerate if compromised: If you suspect your API key has been compromised, regenerate it immediately

API key scope

  • Each Slack workspace has one API key that provides access to all rotations within that workspace
  • The API key allows access to all API endpoints for rotations you have permission to view
  • API permissions follow the same access controls as the Rotation App interface