API Keys

API keys allow external tools and services to connect to your NeedBridge organization securely. If you use Zapier, webhooks, or custom integrations, you will need an API key to authenticate those connections. This guide covers creating, managing, and securing API keys.

What API Keys Are

An API key is a unique string that identifies and authenticates an external application when it communicates with NeedBridge. Think of it as a password for a machine -- instead of a person logging in with a username and password, an application sends the API key to prove it has permission to access your data.

API keys are used for:

  • Zapier integrations -- Connecting NeedBridge triggers and actions to other apps through Zapier.
  • Webhooks -- Sending real-time data from NeedBridge to external systems when events occur (for example, when a need is created or a volunteer claims a need).
  • Custom integrations -- Any external tool or script that needs to read or write data in your NeedBridge organization.

Creating a New Key

To create an API key:

  1. Navigate to Settings in the left-hand navigation.
  2. Select API Keys.
  3. Click Create New Key.
  4. Enter a descriptive name for the key (for example, "Zapier Integration" or "Website Webhook").
  5. Click Create.

The key is displayed once immediately after creation. Copy it now. You will not be able to see the full key again after you leave this page. If you lose the key, you will need to create a new one.

Naming Keys

Give each API key a clear, descriptive name that identifies what it is used for. Best practices:

  • Use one key per integration (for example, one for Zapier, one for your webhook, one for a custom script).
  • Name the key after the service or purpose: "Zapier - Need Notifications," "Website Embed Sync," "Donor Management Webhook."

Using separate keys per integration makes it easy to revoke access to one service without affecting others.

Revoking Keys

If an API key is compromised, no longer needed, or associated with a service you have disconnected, revoke it:

  1. Navigate to Settings then API Keys.
  2. Find the key in the list.
  3. Click Revoke (or Delete).
  4. Confirm the action.

Once revoked, any integration using that key will immediately lose access. Make sure you have already disconnected or updated the integration before revoking, or it will start failing.

Security Best Practices

API keys grant access to your organization's data. Treat them with the same care as passwords:

  • Never share API keys in email, chat, or public repositories. If you need to share a key with a developer or partner, use a secure channel.
  • Do not embed API keys in client-side code. API keys should only be used in server-side applications or secure integration platforms like Zapier.
  • Use one key per integration. If one integration is compromised, you can revoke that specific key without disrupting others.
  • Revoke unused keys. If you are no longer using an integration, revoke its key. Orphaned keys are a security risk.
  • Rotate keys periodically. For sensitive integrations, consider creating a new key and updating the integration, then revoking the old key.

Where API Keys Are Used

Here are the most common places you will use an API key:

  • Zapier -- When setting up a NeedBridge connection in Zapier, you will be prompted to enter your API key to authenticate.
  • Webhooks -- When configuring webhooks in NeedBridge settings, the API key authenticates outgoing webhook requests.
  • External integrations -- Any third-party tool that connects to NeedBridge will need an API key for authentication.

Tips

  • Copy the key immediately after creation. The full key is only shown once. Store it in a secure password manager or secrets vault.
  • Label keys clearly. When you come back months later to manage your integrations, a well-named key tells you exactly what it is for.
  • Audit your keys regularly. Review the list of active API keys periodically and revoke any that are no longer in use.