If you use the Buttondown API, you've probably run into this: you've got one API key, and it can do everything. That's fine when it's just you tinkering around, but once you start building real integrations — a Zapier workflow here, a custom script there, maybe a third-party tool that only needs read access — sharing the same all-powerful key everywhere starts to feel a bit risky.
Now you can create multiple API keys, each with its own permissions. Head to API → Keys and you'll see a new management page where you can:
| Feature | Description |
|---|---|
| Create as many keys as you need | No more sharing a single key across all integrations |
| Give each one a label | So you remember what "api_key_7f3a" is actually for |
| Set granular permissions | Control exactly what each key can do |
The permissions are pretty straightforward — for each category (subscribers, emails, automations, etc.) you can choose:
| Level | Access |
|---|---|
| Write | Full access to create, update, and delete |
| Read | Can view but not modify |
| None | No access at all |
So if you're building a dashboard that just displays subscriber counts, give it a read-only key. If you're integrating with a third-party form tool, create a key that can only add subscribers. If something goes wrong with one integration, you can regenerate or delete that specific key without breaking everything else.
This is especially handy if you're working with contractors or external tools — you can give them exactly the access they need, nothing more.
Check out the API authentication docs for more details on how to use your keys.