Workspaces & API keys

A workspace (internally an organization) is the unit that owns everything: connected platforms, media, posts, the plan and its limits, and API keys.

Keys are scoped to one workspace

Each API key belongs to exactly one workspace. Every request you make with that key operates only on that workspace’s data — platforms, media, and posts from another workspace are never visible. There is no per-key permission tier: a key has the same read/write access as the workspace itself.

If you operate several workspaces, create a separate key per workspace and select the right one when you create the key in the dashboard.

What a key can do

• List and inspect connected platforms.
• Upload and organize media.
• Create, list, reschedule, and delete posts.
• Generate and composite AI slideshow captions (spends credits).

API-key requests have no human “user” attached — actions are attributed to the key. That’s why audit-style fields tied to a person are absent on API-created resources.

Lifecycle

• Creation returns the secret once; only a hash is stored. See Authentication.
• Last-used is tracked so you can spot stale keys in the dashboard.
• Revocation is immediate — a revoked key fails with invalid_api_key (401) on the next request.

Rotating keys

To rotate without downtime: create the new key, deploy it, confirm traffic has moved (the old key’s last used stops advancing), then revoke the old one.

Billing & limits live on the workspace

The plan, and therefore the limits and quotas that apply to your API calls, are properties of the workspace — not the key. Adding more keys does not raise any limit.