API Access
API keys let external systems run your rule sets directly — starting a run, passing in data, and resuming a paused run — without going through the web app.
Creating an API key
You create and manage keys on the API Access screen of an environment. Each key is shown in full only once, at the moment you create it — afterwards only a short preview is kept — so copy it somewhere safe right away. A key can carry an optional expiration date, and creating or deleting keys requires an administrator role on the environment.
Key scopes
Every key has a scope that bounds what it can run:
- Organization — broad access across the organization.
- Project — limited to rule sets within one project.
- Rule set — limited to a single rule set.
Choose the narrowest scope that still lets the integration do its job, so a leaked key can do as little as possible.
A key authenticates requests to the engine. Never commit it to source control or expose it in client-side code. To rotate a key, delete it and issue a new one.
Running a rule set with a key
With a key you can trigger a rule set run programmatically from your own systems and pass in the input data the run should start with. That data initializes the run's context, just as if you had supplied it through the app, and you can include files as well as plain values. From there the rule set executes on its own.
Resuming a paused run
Some rule sets pause partway through — for example while they wait on an external system or a person. A run like this can be resumed later, and you can supply additional data when you resume it so the rest of the run can act on whatever came back. See Webhooks & Callbacks for how paused runs resume.
For agent-style access that lets an AI client run your rule sets, see the MCP Server. To turn an external API into a rule action you can call, see OpenAPI Import.