Skip to main content

Manage API keys and webhooks permission

Manage API keys and webhooks permissions to control access and ensure secure integration management.

Dayvid Lorbiecke avatar
Written by Dayvid Lorbiecke
Updated over a week ago

Control who can create and manage API keys and webhooks to ensure secure integrations with Katana.


What this permission does

The Manage API keys and webhooks permission determines who can configure Katana’s developer tools used to connect with other systems.

With this permission, users can:

  • Access the API section in Settings.

  • Create new API keys (for integrations with external systems).

  • Delete existing API keys.

  • Create new webhooks (to receive real-time updates from Katana).

  • Manage or delete existing webhooks.

Learn more about Katana API


Default behavior

  • Account Owners always have this permission.

  • Users with default access do not have this permission by default.

  • Owners can choose to give specific Users this permission when needed.


With vs Without this permission

Area

With permission

Without permission

Access API section in Settings

✔️

Create/delete API keys

✔️

Create/manage/delete webhooks

✔️


How to enable or disable this permission

For new users

  1. Invite a new user.

    Screenshot showing how to add a User

  2. Click Edit under Default permissions.

    Screenshot highlighting the Edit button for default permissions when inviting a user

  3. Under the Admin tab, check/uncheck Manage API keys and webhooks.

    Screenshot highlighting the Manage API keys and webhooks permission under the Admin tab

For existing users

  1. Click your profile (top right) → Team.

    Screenshot highlighting the Team option under the top-right dropdown menu

  2. Select the user’s name.

  3. Open the Admin tab and check/uncheck Manage API keys and webhooks.

    Screenshot highlighting the Manage API keys and webhooks permission under the Admin tab

Notes

  • Restricting this permission helps prevent unauthorized integrations or accidental disruptions to system connections.

  • Only trusted team members should have this permission, since API keys and webhooks directly control data exchange between Katana and other systems.

Read more about user permissions and team member roles.


Your feedback is invaluable. Let us know your thoughts on this article or anything in Katana you'd like to see improved: [email protected]

Did this answer your question?