Welcome

Create an API Key

Get up and running with the beehiiv API.

The beehiiv API key is used as the Bearer Token for all requests. It enables secure account authentication and should be kept secret at all times.

Building an integration? Use OAuth2 instead of API keys and follow our OAuth2 guide.

1

Log in to beehiiv.

2

Navigate to the API page

Click on Settings and then API under the Workspace Settings section.

3

Click the Create New API Key button

After creating your API key, be sure to copy and safely save the key, as it will be inaccessible after leaving the page. You may be prompted to verify your identity with Stripe.

Restricting a key to specific publications

By default, an API key has access to every publication in your workspace. When creating or editing a key, you can optionally restrict it to one or more specific publications.

A publication-scoped key behaves as follows:

  • Requests to publications outside the key’s scope return a 404 Not Found, the same response as for a publication that does not exist.
  • GET /v2/publications only returns the publications the key has access to.
  • The data deletion endpoints return a 403 Forbidden, since deletion requests apply to the entire workspace.

Keys with no publication restrictions continue to have access to the full workspace.

Best Practices

To prevent unauthorized access to your beehiiv account, we recommend the following best practices:

  • Use a unique API key for each application or service.
  • Rotate API keys regularly.
  • Store API keys securely (we recommend using environment variables).
  • API keys should only be exposed on the server side of your application. This includes in your code, in your browser’s console, or in your browser’s local storage. This is especially important for web applications.
  • Monitor API key usage and activity.