API Keys

API keys let you connect external tools and custom applications to your Driive organization. Every API request is authenticated with a key, and each key is scoped to a specific organization with the permissions you choose.

Why use API keys?

• Integrate with other tools — Connect Driive to your CRM, field-service software, or custom internal tools

• Build custom dashboards — Pull appointment, contact, and team data into your own reporting interface

• Automate data exports — Schedule scripts that extract data from Driive on a regular basis

• Authenticate MCP connections — The MCP Server uses an API key for authentication

Creating an API key

1. Navigate to Developer > API Keys in the sidebar.

2. Click Create API Key.

3. Enter a descriptive name for the key (e.g., "Zapier Integration", "Custom Dashboard", "CRM Sync").

4. Select the permission level:

   • Read — View data only (appointments, contacts, availability, etc.)

   • Write — Create and update data in addition to reading it

5. Optionally set an expiration date. After this date, the key will stop working automatically.

6. Click Create.

7. Copy the key immediately — it is only displayed once at creation. Store it in a secure location (like a password manager or environment variable).

Important: If you lose your API key, you cannot retrieve it. You'll need to create a new one and update your integrations.

How API keys are stored

Driive takes API key security seriously:

• Keys are hashed before being stored — Driive never stores your key in plain text

• Only a key prefix is saved for identification (e.g., dk_abc1...), so you can tell your keys apart in the management interface

• The full key is shown once at creation and never again

Managing your API keys

The API Keys page shows all keys for your organization. For each key, you can see:

Revoking a key

If a key is compromised or no longer needed:

1. Find the key in the API Keys list.

2. Click the Revoke button.

3. Confirm the revocation.

The key stops working immediately. Any integrations using it will begin receiving authentication errors.

Tip: Before revoking a key that's actively in use, create a replacement key first and update your integration. Then revoke the old one to avoid downtime.

Using your API key

Include your API key in the Authorization header of every API request:

Authorization: Bearer dk_your_api_key_here

Example request:

GET /v1/organizations/{orgId}/appointments
Authorization: Bearer dk_your_api_key_here
Content-Type: application/json

All API requests are scoped to the organization the key belongs to. You cannot access data from other organizations with the same key.

Security best practices

Follow these guidelines to keep your API keys secure:

• Never share keys in plain text — Don't send keys over email, Slack, or other messaging tools. Use a password manager or secrets management service.

• Store keys as environment variables — Never hard-code keys in your application source code or check them into version control.

• Use the minimum required permissions — If your integration only reads data, use a Read key. Only use Write when you need to create or update records.

• Set expiration dates — For temporary integrations or third-party tools, set an expiration date so the key automatically stops working when it's no longer needed.

• Rotate keys regularly — Create a new key, update your integration, then revoke the old key. This limits the window of exposure if a key is leaked.

• Monitor last-used timestamps — Check the "Last used" column periodically. If a key hasn't been used in a long time, consider revoking it.

• Revoke compromised keys immediately — If you suspect a key has been exposed, revoke it right away and create a replacement.

Next steps

• Webhooks — Set up real-time event notifications

• MCP Server — Connect an AI agent using your API key

• Troubleshooting — Fix common API key issues