Managing API Keys
Create, rotate, and manage API keys for programmatic access to DealView.
API keys enable programmatic access to DealView. Build integrations, automate workflows, and connect external systems.
API Key Overview
API keys allow:
- Programmatic contract management
- Integration with external tools
- Automated data extraction
- Custom workflow automation
API access is available on Enterprise plans and above.
Accessing API Key Management
- Go to Settings > Workspace
- Click API Keys tab
- View and manage your keys
Creating an API Key
- Click Create API Key
- Enter a descriptive name
- Set permissions (read, write, delete)
- Optionally set expiration
- Click Create
- Copy the key immediately - it won't be shown again
API keys are only displayed once at creation. Store securely - you cannot retrieve it later.
API Key Properties
| Property | Description |
|---|---|
| Name | Descriptive identifier |
| Key Prefix | First characters for identification |
| Permissions | Read, Write, Delete access |
| Created | Creation timestamp |
| Last Used | Most recent API call |
| Expires | Expiration date (if set) |
Permission Scopes
Configure what the key can do:
| Permission | Allows |
|---|---|
| Read | List and view contracts, drafts, templates |
| Write | Create and update records |
| Delete | Remove contracts and drafts |
Best practice: Grant minimum required permissions.
Using Your API Key
Authentication
Include the key in the Authorization header:
Authorization: Bearer your_api_key_here
Base URL
https://dealview.io/api/v1/
Rate Limits
API calls are rate-limited by plan:
| Plan | Requests/Minute |
|---|---|
| Enterprise | 60 |
| Portfolio | 120 |
| Enterprise+ | Unlimited |
Rate limit headers are included in responses.
Rotating API Keys
Regularly rotate keys for security:
- Find the key to rotate
- Click Rotate
- Confirm the action
- New key is generated
- Old key remains valid for 24 hours
- Update your integrations
- Old key automatically expires
The 24-hour overlap period allows updating integrations without service interruption.
Revoking API Keys
To immediately disable a key:
- Find the key
- Click Revoke
- Confirm revocation
- Key is immediately disabled
Revoked keys cannot be restored.
API Key Best Practices
- Name clearly - Include purpose and integration
- Minimum permissions - Only grant what's needed
- Rotate regularly - Every 90 days recommended
- Monitor usage - Watch for unusual activity
- Set expirations - For temporary integrations
- Secure storage - Use secrets management
API Documentation
Common endpoints:
| Endpoint | Method | Description |
|---|---|---|
/contracts | GET | List contracts |
/contracts/{id} | GET | Get contract details |
/contracts/search | POST | Search with filters |
/drafts | GET/POST | Manage drafts |
/templates | GET | List templates |
Full API documentation is available at docs.dealview.io.
Monitoring API Usage
Track API key activity:
- View "Last Used" timestamps
- Check rate limit headers
- Review audit logs for API calls
- Set up usage alerts (Enterprise+)
Troubleshooting
401 Unauthorized
- Check key is valid and not expired
- Verify Authorization header format
- Ensure key has required permissions
429 Too Many Requests
- Rate limit exceeded
- Wait and retry with backoff
- Consider upgrading for higher limits