API Keys
API Keys
Generate API keys to integrate GoVista with your existing systems, custom applications, or third-party tools.
Creating an API Key
1. Go to Settings > API > API Keys 2. Click Create API Key 3. Enter a descriptive name (e.g., "POS Integration", "Website CMS") 4. Select the scope:
- Read — Can only read data (devices, playlists, analytics)
- Write — Can read and modify data (upload content, create playlists)
- Admin — Full access (all operations including user management)
5. Click Generate 6. Copy the key immediately — it will not be shown again
API Key Scopes
| Scope | Read Data | Write Data | Delete Data | User Management | |-------|----------|-----------|------------|----------------| | Read | Yes | No | No | No | | Write | Yes | Yes | No | No | | Admin | Yes | Yes | Yes | Yes |
Using API Keys
Include your API key in the request header:
`` Authorization: Bearer YOUR_API_KEY ``
Or as a query parameter:
`` https://api.govista.app/v1/devices?api_key=YOUR_API_KEY ``
Use the minimum scope necessary. If your integration only needs to read device status, use a Read key. This limits the impact if the key is compromised.
Key Management
- Rotate keys — Create a new key, update your integration, then delete the old key
- Delete keys — Immediately revokes access
- View usage — See when each key was last used
- Multiple keys — Create separate keys for different integrations
Rate Limits
API keys are subject to rate limits:
- Read — 100 requests per minute
- Write — 30 requests per minute
- Admin — 30 requests per minute
Exceeding rate limits returns a 429 status code.
Security Best Practices
- Never share API keys in public repositories
- Use environment variables to store keys
- Rotate keys every 90 days
- Delete keys that are no longer in use
- Monitor key usage for unexpected activity
Treat API keys like passwords. Anyone with your API key can access your GoVista account with the permissions granted by the key's scope. If a key is compromised, delete it immediately.