Smartlead now supports Client-Level API Keys, giving you greater control, visibility, and security over how your API is accessed and used across different clients.
This upgrade brings granular access management and client-specific authentication, empowering teams to easily create, assign, and monitor API keys at both the account and client levels.
With Client-Level API Keys, you can manage integrations more securely, track usage per client, and configure rate limits with precision - all from one unified dashboard.
This feature is designed for:
Agencies and Resellers - assign unique API keys to each client for safer, isolated integrations.
Enterprise Teams - meet advanced security and compliance requirements with client-level authentication.
Developers - test, integrate, and monitor API usage with clearer attribution and configurable limits.
Key Benefits:
Secure, client-specific integrations
Transparent usage tracking and analytics
Easy key rotation and management
Flexible rate limits with built-in activity alerts
You can now create and manage two types of keys:
Account-Level Keys:
Used for general integrations connected to your main Smartlead account.
Client-Level Keys:
Created for specific clients under your white-labeled setup.
Each client can have one API key, and each API key can only be linked to one client - ensuring clear ownership and tracking.
Under your profile in Smartlead, click on Settings.
Go to API Key Management.
You’ll see a list of all existing API keys (masked for security) or it may be blank if you have not created any client API keys yet.
To create a New API Key, click on “Create API Key”.
Add a descriptive name (e.g., Production Backend or Client A Integration).
Assign it to a client
Confirm creation - your new key will be visible only once, so make sure to copy it securely.
Note: Once you leave the page, the key value cannot be viewed again for security reasons.
Once your keys are created, you can easily manage and organize them from the same dashboard.
Click the Edit icon beside the API key name.
Update the name to something more descriptive (e.g., Client A – CRM Integration).
Save your changes - the key will retain its same value and permissions.
If you suspect unauthorized use or simply want to rotate credentials:
Click Reset Key from the actions menu beside the API key.
A new key will be generated instantly, and the old one will be revoked.
Copy the new key immediately, as it will be shown only once.
Important: Once reset, the old API key becomes invalid. You’ll need to update it in any connected integrations.
If an API key is no longer needed:
Click Delete beside the corresponding key.
Confirm deletion in the pop-up dialog.
The key will be revoked and retained in your logs for 30 days before permanent removal.
Note: Deleted keys remain visible (masked) under “Revoked Keys” for audit and compliance tracking.
Each client-level API key comes with its own rate limit, set to 60 requests per minute by default.
You can adjust this based on your integration needs and system performance.
Additional security measures include:
Activity logs: Every API key action (create, delete, assign) is recorded.
Alerts: Smartlead automatically monitors for unusual or excessive API activity.
Key retention: Revoked keys remain visible (masked) for 30 days, then permanently deleted.
Use unique keys for each client or environment (Production, Staging, etc.)
Rotate keys periodically for better security
Never share your API keys publicly
Keep rate limits optimized based on your integration needs
Revoke unused or inactive keys promptly
Q: Can one API key be shared across multiple clients?
No. Each API key is exclusive to one client.
Q: What happens if I delete a key by mistake?
Deleted keys are stored for 30 days and can be reissued if needed.
Q: Do old integrations stop working after migration?
No. They’ll continue to work with your primary key until you choose to switch.
