Get an API key in 60 seconds
Generate a scoped API key from Settings and authenticate your first request.
Every request to the Pact API authenticates with a bearer key. Keys are scoped, rate-limited per key, and tied to your workspace. This guide takes about a minute.
Who can do this
You need the Admin or Owner role to issue API keys. Members can use a key once it exists but cannot create one.
Step 1 — Open the API keys page
In the app, go to Settings → API keys (/settings/api-keys). You will see any existing keys with their prefix, scopes, and last-used time. The full secret is never shown again after creation.
Step 2 — Generate a key
Click New key. Give it:
- Name — what the key is for, e.g.
data-warehouse-sync. This is the label you will recognize later. - Environment —
Productionissues apact_live_…key;Sandboxissues apact_test_…key against sandbox data. - Scopes — the minimum the integration needs. Start with read scopes and add write scopes only where you create or update records. See the OAuth & API scope reference.
- Rate limit — requests per minute for this key (defaults to your plan tier).
Step 3 — Copy the secret now
The secret is shown once. Copy it into your secret manager immediately. If you lose it, rotate the key — you cannot retrieve it later.
A production key has the prefix pact_live_ followed by 32 hex characters; a sandbox key uses pact_test_. Store it in an environment variable rather than pasting it inline:
export PACT_API_KEY="pact_live_…" # the key you just copied
Step 4 — Make an authenticated call
Pass the key as a bearer token in the Authorization header against https://app.pact.place:
curl "https://app.pact.place/v1/companies?limit=1" \
-H "Authorization: Bearer $PACT_API_KEY"
A 200 with a JSON body means the key works. A 401 means the key is wrong, revoked, or expired.
Keep keys server-side
Never ship a pact_live_ key in browser code, a mobile app, or a public repository. For
third-party apps acting on behalf of a workspace, use OAuth
instead of a shared key.