Manage API Keys

API keys enable server-side event tracking for your UserPath applications. Create and manage keys to authenticate backend applications, track server-only events, and integrate UserPath with your infrastructure.

Understanding API Keys

API keys provide secure server-side event tracking for UserPath from your backend systems:

Key Benefits

• Server-Only Events: Track events that only happen on your backend
• Enhanced Security: First-party data collection without browser dependencies
• Backend Integration: Track events from webhooks, background jobs, and API endpoints
• Complete Coverage: Combine with browser tracking for full user journey visibility
• Ad-Blocker Resistant: Server-side tracking can't be blocked

Creating API Keys

API keys are scoped by organization. You can create multiple API keys for different applications and environments in one place.

Server-Side Authentication

Securely authenticate backend applications and track events that browsers can't capture

• Server-side event tracking
• First-party data collection
• Backend authentication
• Webhook processing
• API endpoint tracking

Create API keys through your UserPath settings:

1. Go to Dashboard → Settings → API Keys
2. Click the "+" button
3. Enter a descriptive name (e.g., "App X Production Server", "App Y Webhook Handler")
4. Copy the generated key immediately (it won't be shown again)
5. Store the key securely in your environment variables

API Key Best Practices

• Secure Storage: Store API keys securely in environment variables or secure storage
• Access Control: Only grant access to trusted applications and users
• Rotation: Rotate API keys regularly to enhance security

Using API Keys for Server-Side Tracking

Track events directly from your backend applications:

Learn more about Server-Side Event Tracking

Deleting API Keys

You can delete API keys from your settings page. Only owners of the organization can create and delete API keys.