Vanio AI DocsVanio AIDocs
OwnerSmall HostPMLarger PMEnterpriseClean Co.CleanerMaint Co.Maint.

API Key Management

Create, manage, and revoke API keys for third-party integrations directly in your settings.

API Key Management

Manage your integration keys directly in Vanio's settings to connect third-party applications and services to your vacation rental data. You can create new keys, view existing ones, and revoke access whenever you need to update your connections—all without contacting support.

[Screenshot: API Keys settings page showing list of active keys with create button]

Getting Started

Creating Your First API Key

  1. Navigate to API Keys

    • Go to Settings from your dashboard
    • Select "API Keys" from the settings menu
    • You'll see your existing keys (if any) and a "Create New Key" button

  2. Create a New Key

    • Click "Create New Key"
    • Enter a clear description (e.g., "Property Management App", "Booking Widget")
    • Choose your environment:
      • Test: For development and testing (starts with sk_test_)
      • Live: For production use (starts with sk_live_)
    • Click "Create Key"

  3. Save Your Key Immediately

    • Your new API key will be displayed once—this is the only time you'll see it
    • Copy the key and store it securely in your application or password manager
    • Once you close this window, the key cannot be retrieved again

[Screenshot: Key creation dialog showing description field and environment options]

Using Your API Keys

Once created, provide your API key to the third-party service or developer who needs access to your Vanio data. They'll use this key to authenticate requests and pull information about your properties, bookings, and availability.

How It Works

Automatic Security Features

Vanio automatically protects your account with several security measures:

  • One-time display: API keys are shown in full only once during creation
  • Secure storage: Only encrypted portions of keys are stored after creation
  • Usage tracking: Monitor when each key was last used to identify inactive keys
  • Instant revocation: Disable compromised keys immediately

Key Information Display

For each API key, you can see:

  • Masked key: Only the first few characters for identification
  • Description: The name you gave it during creation
  • Environment: Whether it's for testing or live use
  • Status: Active or revoked
  • Created date: When the key was first generated
  • Last used: When it was most recently accessed (or "Never used")

[Screenshot: API key list showing masked keys with status badges and usage information]

Key Features

  • Self-service management: Create and revoke keys instantly without waiting for support
  • Environment separation: Separate keys for testing and production to keep data secure
  • Usage monitoring: Track which keys are actively being used
  • Detailed descriptions: Label keys clearly to remember their purpose
  • Instant revocation: Immediately disable access when needed
  • Legacy key support: Existing integrations continue working with older key formats

Managing Your Keys

Viewing and Filtering Keys

Use the filter tabs to organize your view:

  • All: Shows every key you've created
  • Active: Only currently working keys
  • Revoked: Previously disabled keys

Each filter shows a count so you can quickly see how many keys you have in each state.

Revoking Access

To disable an API key:

  1. Find the key in your list
  2. Click "Revoke" next to the active key
  3. Confirm the action in the dialog that appears
  4. The key immediately stops working—any service using it will lose access

Important: Revoking a key cannot be undone. You'll need to create a new key if you want to restore access.

[Screenshot: Revocation confirmation dialog with warning message]

Tips & Best Practices

Keep Your Keys Secure

  • Never share API keys in emails, chat messages, or public forums
  • Store keys in secure password managers or environment variables
  • Use test keys during development, then switch to live keys for production
  • Regularly review your key list and revoke unused keys

Choose Descriptive Names

  • Include the app name: "Airbnb Sync Tool", "Custom Booking Widget"
  • Add the purpose: "Mobile App - Production", "Analytics Dashboard"
  • Mention the team: "Marketing Team - Campaign Tool"

Monitor Usage

  • Check "Last used" dates to identify stale integrations
  • Revoke keys for discontinued services or former team members
  • Create separate keys for different integrations rather than sharing one key

Environment Strategy

  • Start with test keys when setting up new integrations
  • Only switch to live keys after thorough testing
  • Keep test and live keys separate—never mix environments

Common Questions

What happens to existing integrations when I revoke a key? They'll immediately stop working and receive authentication errors. Make sure to update the integration with a new key before revoking the old one if you want to maintain service.

Can I see the full key again after creating it? No, for security reasons, the complete key is only shown once during creation. If you lose it, you'll need to create a new key and update your integrations.

What's the difference between test and live keys? Test keys access sandbox data for development and testing, while live keys work with your real property and booking information. Always use test keys during development to avoid affecting your actual business data.

integrationssecuritysettings
Last updated May 2026