> ## Documentation Index
> Fetch the complete documentation index at: https://docs.thig.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Developer Settings

> Manage REST API keys for programmatic access to thig.ai

# Developer Settings

The Developer settings page lets organization administrators create and manage REST API keys for programmatic access to the thig.ai API.

<Note>
  API access requires a **Starter plan or higher**. Free plans do not include API key access.
</Note>

## Creating an API Key

1. Go to **Settings > Developer** in your admin sidebar
2. Click **Create API Key**
3. Enter a descriptive name (e.g., "CI/CD Pipeline", "Zapier Integration")
4. Optionally configure:
   * **Expiration date** — the key automatically stops working after this date
   * **Rate limit** — custom requests per minute (1–10,000). Leave blank for the default (60/min)
5. Click **Create Key**
6. **Copy the key immediately** — this is the only time it will be displayed

<Warning>
  Store your API key securely. Anyone with the key has full API access with your permissions. Never commit keys to source control.
</Warning>

## Using Your API Key

Include the key in the `Authorization` header of every request:

```bash theme={null}
curl -H "Authorization: Bearer thig_abc12345..." \
  https://app.thig.ai/api/projects
```

```javascript theme={null}
const res = await fetch('https://app.thig.ai/api/projects', {
  headers: {
    'Authorization': 'Bearer thig_abc12345...',
    'Content-Type': 'application/json',
  },
});
const projects = await res.json();
```

```python theme={null}
import requests

res = requests.get(
    'https://app.thig.ai/api/projects',
    headers={'Authorization': 'Bearer thig_abc12345...'}
)
projects = res.json()
```

## Managing Keys

From the Developer settings page you can:

* **View** all keys with their prefix, status, last used date, and request count
* **Deactivate/activate** a key to temporarily disable it without deleting
* **Edit** a key's name, expiration, or rate limit
* **Delete** a key to permanently revoke access (immediate, cannot be undone)

## Key Limits

The number of API keys you can create depends on your plan:

| Plan         | API Keys      |
| ------------ | ------------- |
| Free         | No API access |
| Starter      | 2             |
| Professional | 10            |
| Enterprise   | Unlimited     |

## Rate Limiting

API key requests are rate-limited to **60 requests per minute** by default. You can set a custom rate limit per key (1–10,000 req/min) when creating or editing a key.

When rate-limited, the API returns HTTP **429** with a `RATE_LIMITED` error code and the time to retry.

## Expiration Warnings

If a key has an expiration date set, you'll receive an email warning **7 days before** the key expires. After expiration, the key immediately stops working.

To extend a key, edit it from the Developer settings page and set a new expiration date.

## Audit Trail

All API key events are logged:

* Key creation and deletion
* Key activation/deactivation changes
* Every API request made with the key

View the audit log at **SuperAdmin > Audit Logs** (SuperAdmin only).

## Troubleshooting

| Error                             | Solution                                                 |
| --------------------------------- | -------------------------------------------------------- |
| `401 Invalid API key`             | Check the key is correct and has no extra whitespace     |
| `401 API key is deactivated`      | Re-activate the key from Developer settings              |
| `401 API key has expired`         | Create a new key or extend the expiration                |
| `403 API access is not available` | Upgrade to Starter or higher plan                        |
| `429 Rate limit exceeded`         | Wait for the reset time or increase the key's rate limit |
