Skip to content

Creating API keys

When to use this guide: Use this guide when you need to create an OutboundSync API key for a script, internal tool, integration platform, or AI-assisted workflow.

OutboundSync API keys start with osapi_ and authenticate requests to the OutboundSync API. They are not the same as platform API keys for Smartlead, Instantly, EmailBison, HeyReach, or other connected tools.

Before a key can make successful API requests:

  1. An administrator must enable API access for at least one CRM connection.
  2. The connection must remain active and not deleted.
  3. The API key must be active and scoped to a connection the account can access.

If API access is not enabled for any connection, a valid key returns 403 API access is not enabled for this account.

  1. Log in to OutboundSync.
  2. Go to Connected Accounts → API keys.
  3. In the API keys section, enter a key name such as Production integration.
  4. Choose a Connection scope:
    • All connections (account-wide) lets the key read all API-enabled CRM connections for your account.
    • A single connection limits the key to one CRM connection.
  5. Click Create key.
  6. Copy the key immediately. OutboundSync only shows the plaintext key once.
OutboundSync admin API keys section showing the create form, account-wide connection scope, and an empty API key table above the platform API keys section.
Create OutboundSync API keys from Connected Accounts → API keys.
OutboundSync API key created dialog showing a masked API key field, Copy button, and Done button.
Copy the generated key when the dialog appears; it is shown only once.

Store the key in a secret manager or environment variable. Do not paste it into source code, chat logs, spreadsheets, or issue trackers.

Use GET /api/v1/me to confirm the key works.

Terminal window
curl https://app.outboundsync.com/api/v1/me \
-H "Authorization: Bearer osapi_<your-secret>"

A successful response includes the authenticated account, key metadata, and the CRM connections that key can access.

Rotate a key when it may have been exposed or when your security process requires regular credential rotation.

  1. Go to Connected Accounts → API keys.
  2. Find the key.
  3. Click Rotate.
  4. Copy the new key immediately.
  5. Update every script, tool, or automation that used the old key.

The previous key stops working as soon as rotation succeeds.

Use Revoke when a key should stop working. Revoked keys remain visible in the table until you archive them. Use Archive only after you no longer need the revoked key in the admin view.

Use connection-scoped keys when an integration only needs one CRM connection. Use account-wide keys when the integration needs to discover every API-enabled connection on the account.

After creating a key, paste this prompt into your coding assistant:

Use my OutboundSync API key from the OUTBOUNDSYNC_API_KEY environment variable.
Call GET https://app.outboundsync.com/api/v1/me with Bearer authentication.
If the request succeeds, list the key name, scope, and CRM connections. If it fails, explain whether the likely issue is a missing key, invalid key, disabled API access, or rate limiting.