API Keys & Scopes
API keys authenticate all requests to the Skillett API. Each key is tied to a user account and can be scoped to specific integrations.
Key format
```
sk_a1b2c3d4e5f6g7h8...
```
- Prefix: `sk_`
- Key prefix (visible in dashboard): first 8 hex characters after `sk_`
- Full key shown only once at creation
Creating keys
Keys are created on the dashboard or via the API:
```
skillett login
# → Creates account, redirects to API keys page
# → Copy the key and paste into CLI
```
Scopes
Keys can be scoped to limit which integrations they can access:
| Scope | Access |
|---|---|
| `*` (default) | All integrations |
| `github` | Only GitHub endpoints |
| `github,gmail` | GitHub and Gmail |
When a key with limited scopes calls an endpoint outside its scope, the API returns:
```
{
  "error": "scope_not_allowed",
  "message": "API key does not have access to the notion integration."
}
```
Rate limits
Rate limits are applied per API key:
| Plan | Requests/minute | Daily limit |
|---|---|---|
| Free | 30 | 10,000 |
| Pro ($29/mo) | Higher | Higher |
| Unlimited ($49/mo) | Highest | Highest |
Daily limits reset at midnight UTC.
Security
- Keys are hashed before storage — the plaintext key is never persisted
- Keys are validated by hashing the incoming key and comparing to the stored hash
- Revoked keys immediately stop working
- Each API call is logged in the `skill_calls` table for auditing
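The hash-then-compare validation, revocation and scope check described above, as an added example that is not Skillett's own code. It assumes SHA-256 as the hash (the page does not name one), an in-memory list as the key store, lookup by the visible prefix, and hypothetical names (`hash_key`, `create_key`, `authorize`, the `invalid_api_key` error).

```python
import hashlib
import hmac
import secrets

def hash_key(key: str) -> str:
    # Assumption: SHA-256; the page does not name the hash function.
    return hashlib.sha256(key.encode("utf-8")).hexdigest()

def create_key(store: list, scopes: str = "*") -> str:
    """Generate a key, persist only prefix + hash, return the plaintext once."""
    key = "sk_" + secrets.token_hex(32)
    store.append({
        "prefix": key[3:11],      # first 8 hex characters after sk_
        "hash": hash_key(key),    # the plaintext key is never stored
        "scopes": scopes,         # "*" or comma-separated integrations
        "revoked": False,
    })
    return key

def authorize(store: list, presented: str, integration: str):
    """Return (allowed, error_body) for a call to `integration`."""
    digest = hash_key(presented)
    # Narrow candidates by the visible prefix, then compare hashes in
    # constant time so the comparison does not leak how many bytes matched.
    record = next(
        (r for r in store
         if r["prefix"] == presented[3:11]
         and hmac.compare_digest(r["hash"], digest)),
        None,
    )
    if record is None or record["revoked"]:
        # Hypothetical error code; the page does not show this response.
        return False, {"error": "invalid_api_key"}
    allowed = record["scopes"].split(",")
    if "*" not in allowed and integration not in allowed:
        return False, {
            "error": "scope_not_allowed",
            "message": f"API key does not have access to the {integration} integration.",
        }
    return True, None
```

Because only the hash is stored, a leaked key table does not yield usable keys, and a lost key cannot be recovered, only revoked and replaced.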
Key limits by plan
| Plan | Max API keys |
|---|---|
| Free | 1 |
| Pro | Unlimited |
| Unlimited | Unlimited |
Managing keys
| Action | Method |
|---|---|
| List keys | GET /api-keys or dashboard |
| Create key | POST /api-keys or dashboard |
| Revoke key | DELETE /api-keys/:id or dashboard |
See the API Key Management reference for full details.