Overview
API keys let you call the Goji REST API programmatically. You can create keys (shown once), copy or revoke them, enable/disable individual keys, watch your per-minute/day/month usage against your plan, restrict access by IP, and set a webhook URL.
Step-by-step guide
- Open Dashboard → API keys.
- Click Create a new key, give it a name, and copy the key immediately — the full value is shown only once.
- Use the key as a Bearer token: Authorization: Bearer gk_… against /api/v1/…
- Watch the Usage card — requests this minute/day/month against your plan limits; approaching the cap shows a warning.
- Use Enable/Disable to pause a key, Revoke/Delete to remove it.
- Optionally set an IP whitelist and a webhook URL (with “Send test webhook”) under API Security.
- See View API docs for endpoints, examples and your live rate-limit table.
Common mistakes
- Pasting the key somewhere you can't retrieve it later — store it in a secret manager right after creation.
- Committing keys to source control or sharing them in chat.
- Hitting 429 errors then retrying in a tight loop — respect the Retry-After header and your plan limits.
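The last two mistakes above, handled in one client-side sketch. This is an added example, not code from Goji: it reads the key from the environment and waits for the time given in Retry-After before retrying a 429, with a bounded number of attempts. The variable name GOJI_API_KEY, the `send` transport hook and the 60-second ceiling are assumptions.

```python
import os
import time
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_WAIT = 60.0  # assumed ceiling for a single wait, in seconds


def retry_after_seconds(value, now=None, default=1.0):
    """Turn a Retry-After value (delta-seconds or HTTP-date) into a wait."""
    if not value:
        return default
    value = value.strip()
    if value.isdigit():
        return min(float(value), MAX_WAIT)
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return default  # unparseable header: fall back, never spin
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return min(max((when - now).total_seconds(), 0.0), MAX_WAIT)


def call_api(send, path, max_attempts=4, sleep=time.sleep):
    """Call `send` until it stops returning 429 or attempts run out.

    `send(path, headers) -> (status, headers, body)` is a hypothetical
    transport hook so the retry logic can be exercised offline.
    """
    # Assumed variable name; the key comes from the environment or a
    # secret manager, never from source code.
    key = os.environ["GOJI_API_KEY"]
    headers = {"Authorization": f"Bearer {key}"}
    for attempt in range(1, max_attempts + 1):
        status, resp_headers, body = send(path, headers)
        if status != 429:
            return status, body
        if attempt < max_attempts:
            lowered = {k.lower(): v for k, v in resp_headers.items()}
            sleep(retry_after_seconds(lowered.get("retry-after")))
    raise RuntimeError(f"still rate limited after {max_attempts} attempts")
```

In a real integration, `send` would wrap your HTTP library's request call and return the status code, response headers and body.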
Best practices
- Use one key per integration so you can revoke just that integration if needed.
- Restrict keys with an IP whitelist when the caller has a fixed address.
- Rotate keys periodically and immediately if one may be exposed.