
Generate API keys

API keys authenticate your requests to the Kisi API. Each key is tied to the account that created it — if that account loses admin rights, the key becomes invalid. For this reason, always generate API keys from an organization owner account.

Generate a Kisi API key

You need to have organization administrator or organization owner rights to create an API key. We recommend creating API keys from the organization owner's account, to avoid the API key becoming invalid when an organization admin loses their admin rights.

  1. Sign in to Kisi
  2. In the top right corner, click your name, then click My Account
  3. Next, select the API tab and click on Add API Key
  4. Enter the name for the API key and your Kisi password and click Add
  5. Copy the API key shown on the screen and click Close

Key behaviour

  • A user can have up to 40 active API keys. Keys beyond that limit are expired automatically.
  • By default, API keys expire after 6 months of inactivity. To create a non-expiring key, set expire: false when creating the login via the API (POST https://api.kisi.io/logins). See the API reference for details.

Security responsibility

An admin API key has full control over an organization's access: it can unlock doors, add and remove users, and modify permissions. This means it controls the physical security of everyone in that building.

Treat it like a password:

  • Never hardcode it in source code or expose it client-side
  • Store it in a secrets manager or environment variable
  • Rotate it immediately if it is ever exposed
  • Use one key per integration so you can revoke it without affecting anything else
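
The limits under Key behaviour and the rules in this list can be checked against a key inventory you maintain yourself. The following is an added example, not code from Kisi's documentation; the inventory record fields, the 30-day warning margin, and the 183-day approximation of "6 months" are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

MAX_ACTIVE_KEYS = 40                     # per-user limit stated on this page
INACTIVITY_EXPIRY = timedelta(days=183)  # "6 months", approximated (assumption)
WARN_BEFORE = timedelta(days=30)         # hypothetical alerting margin


def audit_keys(inventory, now):
    """Return sorted (subject, finding) tuples for a locally kept key inventory.

    Records hold metadata only, never the key value itself.
    """
    findings = []
    # An account at the limit cannot take another key without one being expired.
    for owner, count in Counter(r["owner"] for r in inventory).items():
        if count >= MAX_ACTIVE_KEYS:
            findings.append((owner, "OWNER_AT_KEY_LIMIT"))
    for r in inventory:
        # A key dies with its creator's admin rights, so flag non-owner creators.
        if r["owner_role"] != "owner":
            findings.append((r["name"], "NOT_OWNER_ACCOUNT"))
        # A key shared by several integrations cannot be revoked in isolation.
        if len(r["integrations"]) > 1:
            findings.append((r["name"], "SHARED_BY_INTEGRATIONS"))
        # Keys created with expire: false are exempt from inactivity expiry.
        idle = now - r["last_used"]
        if not r["non_expiring"] and idle >= INACTIVITY_EXPIRY - WARN_BEFORE:
            findings.append((r["name"], "INACTIVITY_EXPIRY_SOON"))
    return sorted(findings)


# Constructed sample inventory (names and addresses are made up).
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"name": "hr-sync", "owner": "owner@example.com", "owner_role": "owner",
     "integrations": ["hr-sync"], "last_used": NOW - timedelta(days=2),
     "non_expiring": False},
    {"name": "legacy", "owner": "admin@example.com", "owner_role": "admin",
     "integrations": ["visitor-kiosk", "reporting"],
     "last_used": NOW - timedelta(days=170), "non_expiring": False},
    {"name": "batch", "owner": "owner@example.com", "owner_role": "owner",
     "integrations": ["quarterly-export"],
     "last_used": NOW - timedelta(days=170), "non_expiring": True},
]

if __name__ == "__main__":
    for subject, finding in audit_keys(SAMPLE, NOW):
        print(f"{subject}: {finding}")
```
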

Kisi is ISO 27001 certified and SOC 2 Type II certified. As a partner building on top of Kisi, it is your responsibility to handle API keys with the same level of care on your end.
