Choosing the API Key owner
Selecting the correct owner for a PandaDoc API Key is crucial, as the key inherits the owner's permissions and impacts API usage limits.
Key Considerations
1. Permissions & Role
- The API Key inherits the owner's role and permissions in the workspace.
- A user must have an Admin role to become an API Key owner. However, the role might be changed after creation, which will affect the permission scope of the key. (Account Roles)
2. Action Attribution
- API actions are executed on behalf of the owner, appearing in audit logs as their actions.
- Select an owner whose activity should be tracked in reports.
3. Key Deactivation
- If the owner is removed from the workspace, the API Key is automatically deactivated.
- Avoid using personal accounts—use a service account where possible.
4. Rate Limits
- API rate limits are per user. (Rate Limits)
- If the same user owns keys across multiple workspaces, their limit is shared.
- Distribute key ownership to avoid hitting limits.
Best Practices
- Use dedicated service accounts instead of individual users, so the user is never removed.
- For Organization Level operations, create a service workspace to which only the Org Admin is added, so that no one else can access the API Key.
- Avoid having the Org Admin as a key's owner in every workspace. Each key owned by the Org Admin has access to User and Workspace Management endpoints.
- Monitor usage and rotate keys periodically to maintain security.
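One way to check a key inventory against the considerations and best practices above, as an added example rather than PandaDoc's own code. The inventory is constructed, and the field names, the `org-service` workspace name and the 90-day rotation interval are assumptions.

```python
from collections import defaultdict
from datetime import date

SERVICE_WORKSPACE = "org-service"  # assumed name of the dedicated service workspace
MAX_AGE_DAYS = 90                  # assumed interval; the page says only "periodically"

# Constructed inventory. Field names are illustrative, not a PandaDoc API schema.
KEYS = [
    {"id": "k1", "workspace": "sales", "owner": "alice@example.com",
     "role": "Admin", "service": False, "org_admin": False, "created": date(2025, 1, 10)},
    {"id": "k2", "workspace": "sales", "owner": "svc-api@example.com",
     "role": "Admin", "service": True, "org_admin": False, "created": date(2025, 5, 1)},
    {"id": "k3", "workspace": "legal", "owner": "svc-api@example.com",
     "role": "Member", "service": True, "org_admin": False, "created": date(2025, 5, 1)},
    {"id": "k4", "workspace": "legal", "owner": "root@example.com",
     "role": "Admin", "service": False, "org_admin": True, "created": date(2025, 5, 20)},
    {"id": "k5", "workspace": "org-service", "owner": "root@example.com",
     "role": "Admin", "service": False, "org_admin": True, "created": date(2025, 5, 20)},
]

def audit(keys, today):
    """Return {key id: sorted findings} for keys that break the guidance above."""
    workspaces = defaultdict(set)
    for k in keys:
        workspaces[k["owner"]].add(k["workspace"])
    report = {}
    for k in keys:
        found = []
        if k["role"] != "Admin":
            found.append("role-drift")          # owner's role changed after creation
        if not k["service"] and not k["org_admin"]:
            found.append("personal-owner")      # key is deactivated if the user leaves
        if k["org_admin"] and k["workspace"] != SERVICE_WORKSPACE:
            found.append("org-admin-outside-service-workspace")
        if len(workspaces[k["owner"]]) > 1:
            found.append("shared-rate-limit")   # per-user limit spans workspaces
        if (today - k["created"]).days > MAX_AGE_DAYS:
            found.append("rotation-due")
        if found:
            report[k["id"]] = sorted(found)
    return report

if __name__ == "__main__":
    for key_id, found in audit(KEYS, date(2025, 6, 1)).items():
        print(key_id, ", ".join(found))
```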