{"section":"tracks","requestedLocale":"en","requestedSlug":"api-keys-for-integrations","locale":"en","slug":"api-keys-for-integrations","path":"docs/en/tracks/vtex-modules-getting-started/accounts-and-permissions/api-keys-for-integrations.md","branch":"main","content":"To connect your VTEX store with external systems (ERPs, marketing tools, management platforms), use **API keys** to authenticate these integrations securely.\n\nAPI keys are credentials that allow external systems to access the VTEX APIs. Each key consists of:\n\n- **API key**: Public identifier of the key.\n- **API token**: Secret password (displayed only once, upon creation).\n\nKeys must be active and have [roles](https://help.vtex.com/en/docs/tutorials/roles) associated with them to define which resources they can access.\n\n## Key types\n\n| Type                                               | Description                                                                                                                | Use cases                                                   | Documentation                                       |\n| -------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------- | --------------------------------------------------- |\n| **Internal keys (generated)**   | Created in the VTEX Admin. You have full control to create, edit, renew, and revoke roles. | Integrations with ERP, internal automations, custom scripts | [Generated keys](https://help.vtex.com/en/docs/tutorials/generated-keys) |\n| **External keys (third-party)** | Created by partners/apps. You can only manage the roles in your account.                   | VTEX App Store apps, integrations with certified partners   | [External keys](https://help.vtex.com/en/docs/tutorials/external-keys)   |\n\n## Managing API keys\n\n**Where to manage:** _Account settings > API keys_\n\n**What you can do:**\n\n- View all keys (internal and external)\n- Create internal keys\n- Add external keys\n- Edit role\n- Activate/deactivate keys\n- Renew tokens\n- Delete keys\n- Export list for auditing\n\n> ℹ️ Learn more in [API keys](https://help.vtex.com/en/docs/tutorials/api-keys).\n\n## Principle of least privilege\n\nAssociate only with the strictly necessary roles. Examples:\n\n- Integration that **reads orders only** → read-only Orders role\n- ERP that manages inventory → only for Catalog and Logistics roles\n\n## Token renewal and alerts\n\nRenew tokens periodically (every 3-6 months for critical keys). Configure [automatic alerts](https://help.vtex.com/docs/tutorials/configuring-alerts-to-renew-api-tokens) so you don’t forget.\n\n> ⚠️ The API token is displayed only once, upon creation. Store it securely.\n\n## Permission requirements\n\n[User Administrator - RESTRICTED](https://help.vtex.com/docs/tutorials/predefined-roles#user-administrator-restricted) role or a custom role with the following resources:\n\n- View API keys\n- Edit API keys\n- Renew API token\n- Edit API keys settings\n\n## Best practices\n\n- Use descriptive names\n- Apply the least privilege principle\n- Store tokens securely — never in source code.\n- Renew periodically\n- Audit and remove unnecessary keys\n- Revoke immediately if compromised\n- Never use client-side code for integrations\n- Don't share tokens via email, chat, or tickets\n\n> ℹ️ Learn more in [Best practices for using API keys](https://help.vtex.com/en/docs/tutorials/best-practices-api-keys).\n\n## Learn more\n\n- [API keys](https://help.vtex.com/en/docs/tutorials/api-keys)\n- [Best practices for using API keys](https://help.vtex.com/en/docs/tutorials/best-practices-api-keys)\n- [Generated keys](https://help.vtex.com/en/docs/tutorials/generated-keys)\n- [External keys](https://help.vtex.com/en/docs/tutorials/external-keys)\n- [Renewing API tokens](https://help.vtex.com/docs/tutorials/renewing-api-tokens)\n- [Configuring alerts to renew API tokens](https://help.vtex.com/docs/tutorials/configuring-alerts-to-renew-api-tokens)\n- [Exporting API keys](https://help.vtex.com/en/docs/tutorials/exporting-api-keys)\n- [Roles](https://help.vtex.com/en/docs/tutorials/roles)\n- [License Manager resources](https://help.vtex.com/en/docs/tutorials/license-manager-resources)\n- [API authentication using application keys](https://developers.vtex.com/docs/guides/api-authentication-using-application-keys) (for developers)"}