API keys authenticate webhook integrations and API requests to ClosedLoop AI. Each key is scoped to your workspace.
Generate a key
- Go to API Keys in the sidebar
- Click Create API Key
- Give it a descriptive name (e.g., “Typeform webhooks”, “CI/CD pipeline”)
- Copy the key immediately — it won’t be shown again
API keys are shown only once when created. Store them securely. If you lose a key, revoke it and create a new one.
When you need an API key
- Webhook integrations — Typeform, SurveyMonkey, custom webhooks need a key to authenticate data sent to your ClosedLoop AI endpoint
- HMAC signature verification — webhook payloads are signed with your key for security
- REST API access — programmatic data ingestion via the
/ingest endpoint
You do not need an API key for:
- MCP connections (uses OAuth — no key required)
- OAuth integrations like Gong, Slack, HubSpot (authenticated via browser)
Revoke a key
Click the revoke button next to any key. Revoked keys stop working immediately. Any webhook integrations using that key will fail until reconfigured with a new key.
Security
- Keys are hashed (SHA-256) before storage — ClosedLoop AI cannot retrieve your key after creation
- Each key is scoped to one workspace — it cannot access other workspaces
- Rotate keys periodically, especially after team member departures
